A report from The Guardian claims that the WhatsApp messaging app actually has a "backdoor" into its encrypted messaging platform. Allegedly, this flaw could potentially compromise the security of the information on over one billion users.
Security flaw in end-to-end encryption. The report from The Guardian that alleges the messaging app has a security flaw has triggered the backlash from information technology security experts and cryptologists alike. They claim the report to be disappointingly wrong and false.
The Guardian's article cites its source as one Tobias Boelter, a doctorate student, cryptographer, and security researcher at UC Berkley. Boelter claims that the vulnerability is from the handling of messages using its end-to-end encryption to offline users. The offline users could mean people who have changed their phone or SIM card.
The messaging app sends the undelivered message automatically instead of having users reconfirm their security keys before delivering the offline message. The recipient is later informed that the security keys have changed.
Signal, a comparable messaging app, is more secure as it blocks messages until users can confirm their security keys. Signal and WhatsApp both use the same protocol for their end-to-end encryption from Open Whisper Systems which is where their similarity ends.
An open letter has been sent to The Guardian requesting the publication to retract the story, issue an apology, and ensure that reports of the same nature won't be published without verifying and confirming in the future. The letter was written by a Zeynep Tufekci, a sociologist.
She states that the report from The Guardian has led to concerned users to start using less secure applications that are much more vulnerable. In addition, instead of criticizing The Guardian's source, Tufekci criticized the publication for its lack of due diligence in verifying Boelter's claims.
The Guardian was approached to comment on the matter by tech and entertainment website Mashable and responded with a statement saying, "While we stand by our reporting we have amended the article's use of the term 'backdoor' in line with the response and footnoted the articles to acknowledge this. We are aware of Zeynep Tufekci's open letter and have offered her the chance to write a response for the Guardian. This offer remains open and we continue to welcome debate."
See Now: OnePlus 6: How Different Will It Be From OnePlus 5?