Important Update — Most security experts argued, "It's not a backdoor, rather it's a feature," but none of them denied the fact that, if required, WhatsApp or a hacker can intercept your end-to-end encrypted chats. Read a detailed explanation of the arguments in my latest article.
Most people believe that end-to-end encryption is the ultimate way to protect your secret communication from snooping. It is, but messages can still be intercepted if the encryption is not implemented correctly.
After introducing "end-to-end encryption by default" last year, WhatsApp has become the world's largest secure messaging platform, with over a billion users worldwide.
But if you think your conversations are completely secure, such that no one, not even Facebook, the company that owns WhatsApp, can intercept your messages, then you are highly mistaken, just like most of us, and this is not a new concept.
Here's the kick: end-to-end encrypted messaging services such as WhatsApp and Telegram contain a backdoor that can be used, if necessary, by the company, and of course by hackers or intelligence agencies, to intercept and read your end-to-end encrypted messages, all without breaking the encryption.
And that backdoor is — TRUST.
No doubt most encrypted messaging services generate and store the private encryption key offline on your device and only distribute the public key to other users through the company's server.
In the case of WhatsApp, for example, we have to trust the company not to alter the public key exchange between the sender and the receiver to perform a man-in-the-middle attack and snoop on your encrypted private communication.
Tobias Boelter, a security researcher from the University of California, has reported that WhatsApp's end-to-end encryption, based on the Signal protocol, has been implemented in such a way that if WhatsApp or any hacker intercepts your chats by exploiting the trust-based key exchange, you will never know that a change of encryption key has occurred in the background. Yes, that's possible.
Let's Understand the Backdoor With A Simple Scenario:
Suppose users A and B want to chat, for which WhatsApp has automatically exchanged their public keys through its server. Now every message sent by A is encrypted using A's private key and B's public key, and it can be decrypted only by B, using A's public key and B's private key.
Suppose user B is offline and user A has sent some messages to B. Meanwhile, for some reason, user B had to change devices and set up the same WhatsApp account on the new one. A fresh installation forces user B's app to generate a new public/private key pair for the same account.
Later, whenever user B comes online again, the new device receives the remaining undelivered messages sent by A.
But how can user B decrypt messages that were encrypted using B's old public key?
That's because, when user B comes online again, WhatsApp automatically exchanges the new keys between the users without informing them, and to deliver those same messages successfully, A's WhatsApp re-encrypts them using B's newly received public key.
This is where the backdoor lies in the whole mechanism!
If a hacker (say, user C) intentionally replaces B's public key with their own, all undelivered messages are automatically re-encrypted and delivered to C, and they can be decrypted only with the private key of user C, the hacker.
And it's a well-known fact that usability and security are inversely proportional to each other, and choosing usability over security doesn't end well.
"WhatsApp has implemented a backdoor into the Signal protocol, giving itself the ability to force the generation of new encryption keys for offline users and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered. The recipient is not made aware of this change in encryption," the Guardian reports.
However, users can receive notifications when security codes change, but only if the "security notifications" option has been turned on manually in the app settings.
Meanwhile, Frederic Jacobs, formerly an iOS developer at Open Whisper Systems, also reacted on Twitter and admitted that "if you don't verify keys Signal/WhatsApp/... can man-in-the-middle your communications," though he added, "It's ridiculous that this is presented as a backdoor. If you don't verify keys, authenticity of keys is not guaranteed. Well known fact."
Note that this backdoor has nothing to do with the Signal encryption protocol created by Open Whisper Systems, which is one of the most secure encryption protocols if implemented correctly.
Facebook Hasn't Fixed It Since June 2016
Boelter told the Guardian that he reported the backdoor to Facebook in April 2016, the time when WhatsApp implemented end-to-end encryption by default in its messaging app.
However, the researcher was told in reply that Facebook was already aware of the issue and justified it as "expected behavior."
"WhatsApp says that it implemented the backdoor to aid usability. If the backdoor is not in place, messages sent to an offline user, who then changes their smartphone or has to re-install WhatsApp and in doing so generates new security keys for themselves, would remain undelivered once the user comes back online." The Guardian says.
"In many parts of the world, people frequently change devices and Sim cards. In these situations, we want to make sure people's messages are delivered, not lost in transit," a WhatsApp spokesperson told the Guardian.
And yes, the backdoor still exists in WhatsApp.
How to Protect Yourself from Spying?
To prevent the possibility of MITM attacks, WhatsApp also offers a third security layer in its app, with which you can verify the keys of the users you are communicating with, either by scanning a QR code (drawback: physical presence required) or by comparing a 60-digit number over another channel of communication.
"Security codes are just visible versions of the special key shared between you - and don't worry, it's not the actual key itself, that's always kept secret."
However, this option is useful only when you are actively looking to verify the authenticity of the session keys, and, as we know, only one privacy-conscious paranoid user in thousands would do that.
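The key-change handling from the scenario above and the 60-digit comparison code from this section, as an added example in Python that is not from the article, WhatsApp or Signal: the fingerprint scheme is a simplified assumption modelled on the safety-number idea, the keys are constructed stand-ins, and the client is a toy model that contrasts the usability-first behaviour (silently re-encrypting the undelivered queue to whatever key the server supplies) with a verify-first client that holds the queue and surfaces the change for out-of-band comparison.

```python
import hashlib

def fingerprint(identity_pub: bytes, user_id: str, iterations: int = 5200) -> str:
    """30-digit fingerprint of one party's identity key, modelled on the safety-number
    idea (iterated SHA-512, first 30 bytes shown as six 5-digit groups). Assumption:
    an illustrative scheme, not WhatsApp's or Signal's exact construction."""
    h = hashlib.sha512(b"\x00\x00" + identity_pub + user_id.encode()).digest()
    for _ in range(iterations):
        h = hashlib.sha512(h + identity_pub).digest()
    groups = (h[i:i + 5] for i in range(0, 30, 5))
    return "".join(f"{int.from_bytes(g, 'big') % 100000:05d}" for g in groups)

def safety_number(a_pub: bytes, a_id: str, b_pub: bytes, b_id: str) -> str:
    """The 60-digit code both users compare out of band; sorted so it reads the same on both devices."""
    return "".join(sorted([fingerprint(a_pub, a_id), fingerprint(b_pub, b_id)]))

class SenderClient:
    """Toy model of A's app: pins each peer's identity key on first use (TOFU) and queues
    undelivered messages as (key they are encrypted to, text). Encryption is not modelled."""
    def __init__(self, auto_rekey: bool):
        self.auto_rekey = auto_rekey  # True: silently re-encrypt, as the article describes
        self.pinned, self.outbox, self.alerts = {}, {}, []

    def send(self, peer: str, peer_pub: bytes, text: str) -> None:
        key = self.pinned.setdefault(peer, peer_pub)
        self.outbox.setdefault(peer, []).append((key, text))

    def on_key_change(self, peer: str, new_pub: bytes) -> None:
        """Server announces a fresh identity key for peer (reinstall, or a substituted key)."""
        old = self.pinned.get(peer)
        if old is None or old == new_pub:
            self.pinned[peer] = new_pub
            return
        if self.auto_rekey:  # usability-first: re-encrypt the queue to whatever key arrived
            self.pinned[peer] = new_pub
            self.outbox[peer] = [(new_pub, t) for _, t in self.outbox.get(peer, [])]
        else:  # verify-first: keep the queue under the old key and surface the change
            self.alerts.append((peer, fingerprint(old, peer), fingerprint(new_pub, peer)))

def simulate(auto_rekey: bool) -> tuple:
    """Constructed scenario from the article: A queues messages for offline B, then the server
    publishes a new key for B (here one chosen by C). Returns (queue re-keyed?, alerts raised)."""
    b_pub = hashlib.sha256(b"constructed: B's original device key").digest()
    c_pub = hashlib.sha256(b"constructed: key substituted by C").digest()
    a = SenderClient(auto_rekey)
    a.send("B", b_pub, "meet at 9")
    a.send("B", b_pub, "bring the docs")
    a.on_key_change("B", c_pub)
    return all(k == c_pub for k, _ in a.outbox["B"]), len(a.alerts)
```

With `auto_rekey=True` the queued messages end up encrypted to C's key with no alert; with `auto_rekey=False` they stay under B's original key and the client reports the old and new fingerprints for the users to compare.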
Secure Alternative to WhatsApp
Oh! You must be thinking: which secure messaging service, then, offers protection against such broken trust and interception?
There are several alternatives, such as "Signal Private Messenger" itself, developed by Open Whisper Systems, which is the most recommended secure messaging app.