WhatsApp is one of the most popular chat apps on the planet, for a handful of reasons. For one, WhatsApp makes it extremely easy to keep communications with friends and family open and ongoing even if your mobile data package is paltry (thanks to Wi-Fi). It has also been deemed one of the most secure chat apps available, a fact that's led even those with the most confidential subject matter to rely on it.
But there may be a chink in WhatsApp's armor. A report recently outed a significant security flaw in WhatsApp that "could" let the company regenerate your encryption keys without your knowledge, effectively allowing it to intercept your messages before they get re-encrypted.
There are a couple of major problems here, the biggest one being that this process can be done without the user's consent or knowledge. Only those who manually enabled encryption warnings in WhatsApp's settings menu would be notified, and as seen in the screenshot below, that setting is not enabled by default.
Another issue is that this potential exploit can be easily automated. Users should always have the ability to generate new keys and re-encrypt their data, but WhatsApp's design would technically allow government agencies to force the company to re-encrypt a user's data in order to siphon it off before it gets re-encrypted again and sent out. It's important to note that the only data affected would be what's stored locally on the device and hasn't yet been "delivered", but that doesn't prevent an automated process from changing the keys before each and every message is sent.
It's for that reason that some have begun to wonder if the US government is in fact working with WhatsApp on communications interference. The company denies that allegation, stating, "WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor."
If you're a WhatsApp user and are concerned about your information being breached, you probably have little to actually worry about, as we're sure that if the US government did interfere with any WhatsApp accounts, the interference was probably very targeted. However, this incident does give everyone a good reason to enable the encryption notification option, in the rare case that this affects them at some point in the future.
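The key-change behaviour described above, modelled as an added example (not WhatsApp's code and not taken from the report): a sender that rebinds undelivered messages to a newly announced key, run once with the notification setting off and once with it on. The class, method names, contact and keys are hypothetical, and encryption is represented only by recording which key fingerprint each message is bound to.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    # Short identifier for a public key (stand-in for a security code).
    return hashlib.sha256(public_key).hexdigest()[:16]

@dataclass
class Sender:
    show_security_notifications: bool = False      # off by default, per the article
    known_fp: dict = field(default_factory=dict)   # contact -> key fingerprint
    pending: list = field(default_factory=list)    # undelivered: [contact, text, fp]
    delivered: list = field(default_factory=list)  # acknowledged by the recipient
    notices: list = field(default_factory=list)    # what the user is shown

    def send(self, contact: str, text: str, contact_key: bytes) -> None:
        fp = self.known_fp.setdefault(contact, fingerprint(contact_key))
        self.pending.append([contact, text, fp])

    def ack(self, contact: str) -> None:
        """Recipient confirmed delivery; these messages are no longer resent."""
        self.delivered += [m for m in self.pending if m[0] == contact]
        self.pending = [m for m in self.pending if m[0] != contact]

    def on_key_change(self, contact: str, new_key: bytes) -> list:
        """Server announces a new key: rebind undelivered messages to it."""
        new_fp = fingerprint(new_key)
        if self.known_fp.get(contact) == new_fp:
            return []
        self.known_fp[contact] = new_fp
        resent = []
        for msg in self.pending:
            if msg[0] == contact:
                msg[2] = new_fp          # re-encrypted to the new key
                resent.append(msg[1])
        if self.show_security_notifications:
            self.notices.append(f"Security code changed for {contact}")
        return resent

def run_scenario(notify: bool):
    key_a, key_b = b"constructed-key-A", b"constructed-key-B"  # sample values
    s = Sender(show_security_notifications=notify)
    s.send("alice", "msg 1", key_a)
    s.ack("alice")                       # msg 1 delivered under key A
    s.send("alice", "msg 2", key_a)      # alice offline: stays pending
    resent = s.on_key_change("alice", key_b)
    return resent, s.notices, s.delivered

if __name__ == "__main__":
    print(run_scenario(False), run_scenario(True))
```

In both runs only the undelivered `msg 2` is rebound to the new key, while the already delivered `msg 1` keeps its original fingerprint; the sole difference is whether the user sees a notice.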