In what I am sure was on purpose due to it being Friday the 13th, some mild form of privacy panic has hit the world due to The Guardian's article this morning about a critical backdoor in WhatsApp. It postulates that, due to how encryption keys are handled when a device goes offline and messages are not sent (for whatever reason), WhatsApp or its parent company Facebook can intercept user communications. Meanwhile, Gizmodo has reported that this is not the case — how WhatsApp handles encryption is a feature and works as intended.
Gizmodo claims that this "vulnerability" is a very well-known way to spoof and circumvent encryption and messaging systems that rely upon it. It should be noted that this is extremely difficult to pull off. Alec Muffet, a former security engineer at Facebook told Gizmodo:
“There’s a feature in WhatsApp that—when you swap phones, get a new phone, factory reset, whatever—when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone. Say that I am sending to you, and your phone is offline because your [battery] is flat, or you have no coverage, or something. Some messages ‘back up’ on my phone, waiting to talk to yours. The proposition is that this condition: backed up messages, combined with someone colluding with Facebook, WhatsApp to ‘fake’ the ‘person has a new phone’ condition, can lead to the backed-up messages being re-encrypted and sent to the new, fake or colluded phone.”
This all started when a cryptography and security researcher at UC-Berkeley named Tobias Boelter called out this issue on his blog last April. He also sent a report to Facebook, who responded by saying this was known and that the company might consider changing it in the future, but it was not a priority. He then took his findings to The Guardian when it had not been resolved almost a year later, which is how we got that article this morning.
Honestly, this seems to come down to how paranoid you are. Regardless of how insidious or not this is, I think that the overall argument to be made is that Whatsapp should act more like Signal. In the situation described above, WhatsApp will re-encrypt unsent messages with the new keys and send the message without any authorization from the user. Afterwards, an inline notification will appear for the sender only if he or she has opted in (because it's disabled by default). Signal, on the other hand, prevents the message from being sent and alerts the sender to the recipient's new keys. He or she can then choose to verify the contact before re-sending the message.
Left: How WhatsApp displays a change in keys; Right two: How Signal handles it
Hacker News is having a field day with this, by the way.
WhatsApp has issued a statement on the story - we've pasted it below.
The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams.** This claim is false.**WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report. (https://govtrequests.facebook