WhatsApp is used by over a billion people worldwide – that’s billions of messages, all allegedly private, secure, and protected by the end-to-end encryption provided by Open Whisper Systems. But are your private messages really secure?
End User Encryption Vulnerability
In early January, 2017 a ‘Backdoor’ was found in the WhatsApp system that could potentially give a third-party access to your messages. A ‘Backdoor’ is either placed by design, or by shortcoming, and it allows for unauthorized access to data, in this case, your messages. WhatsApp has previously stated that their popular messaging system is completely secure and encrypted, and indeed their encryption protocol is very safe. The problem lies not in the protocol itself but in the way it is implemented.
Defect or Feature?
When confronted with this security problem, Open Whisper Systems’ suggested that the vulnerability is not a defect, it is in fact a feature of most standard end-to-end encryption software. It seems that when posed with the dilemma between ultimate security and streamlined user-experience WhatsApp chose the latter. While they have clearly and publicly declared that they would oppose any request, even from a government department, to gain access and / or monitor user activity, there is a vast difference between choosing not to divulge information and blocking any access to it.
So what does this security vulnerability mean for the end-user? The detail lies in WhatsApp’s ever-changing encryption key that is broadcast by a contact and is not verified by WhatsApp security. Each time a contact broadcasts a new encryption key, it is not re-verified so as not to cause a break in the message delivery process.
How to Protect Your Messages
If you’re conscious about your privacy, it’s important to verify the encryption keys broadcast by your contacts before you send messages. Enable security notifications in the application itself and make sure that you manually accept and verify each encryption key broadcast by your contacts. However, you should be aware that this does not promise airtight security, seeing as WhatsApp will only notify you that the encryption key has changed after your message has been delivered. If you want to be extra cautious, conduct your private conversations on platforms like Signal that chose security over user-experience, and enable the verification of new keys before they are used.
It’s really appreciable that a major messaging app has overcome for people’s privacy concern. Thank you.
I used whatsapps often but i didnt knew about this … Thanks for this informative article.
As whats up is a social site, it has to be too much secure due to privacy. for this public key and private key encryption is necessary.
I use Telegram. I think it is better in security matter, but you never knows. I try not to share any personal data.
yes this is very nice post and it’s a useful post for me also my friends, Thank you share this post.
I think all WhatsApp messages are private, secure, and protected, but we are not! This post is definitely informative news for me. Thanks for sharing “How to Protect My Messages” tips. This is a very informative post which everyone should know.
WhatsApp is the biggest, most popular mobile and pc App. i can message and call friends and family. WhatsApp has proved that you don’t need to give up convenience for security.
WhatsApp is the biggest, most popular mobile and pc App. i can message and call friends and family.
It’s really appreciable that a major messaging app has overcome for people’s privacy concern. Thank you.
It’s really appreciable that a major messaging app has overcome for people’s privacy concern. Thank you.
For added convenience, all features of the application is available free of charge and identification number of the user, both with an internet connection from the network and any WiFi Hotspot.
I think whatsapp is very wonderful app and it very easy to use .Its one of the most popular mobile social communication app.I like this app.
What’s going on? This is the first time I’ve heard of this. Now I feel conflicted abut using this app.
Although I had preferred Viber earlier, I’m, catching myself to be using Whatsapp quite intense lately. Even though it has downsides like any other software, I guess ordinary users like me shouldn’t be worried. In addition, as long as you don’t do any illegal things, you should be safe whatever program or app you’re using.. Of course, with decent level of awareness… Just my two cents!
End-to-end encryption is always activated, provided all parties are using the latest version of WhatsApp. There is no way to turn off end-to-end encryption.
This article is very helpful and it creates awareness among all whats app user. I am using whats app more than 2 years and share many private and personal think cause I don’t know about third party work. After reading this article I became secure. Thank you.