Messages from users at risk for a backdoor. Or not?
This is one of those news stories that, necessarily, make a splash. According to the British newspaper The Guardian A bug in the adoption and use of WhatsApp's end-to-end encryption system could put users' messages at risk.. The problem would affect everyone, no one excluded.
But let's take a step back. Since April 2016 WhatsApp has adopted the Signal cryptographic protocol, also used by the anonymous chat app of the same name and developed by the Open Whisper System. It is one of the best end-to-end encryption protocols in existence today and has allowed WhatsApp to make a significant step forward in terms of privacy and the protection of user data (it is no coincidence that it is recognized as one of the most secure instant messaging apps), making it particularly attractive in the eyes of activists and whistleblower of all the world.
The WhatsApp bug that puts users' privacy and messages at risk
According to Tobias Boelter, a cybersecurity expert and professor at the University of Berkeley, however, this isn't exactly the case. An in-depth analysis of the protocol's operation revealed that WhatsApp servers could force the creation of new encryption keys if the message recipient were offline. This happens, of course, without the knowledge of either the sender or the recipient. According to the Guardian, this operation would jeopardize the privacy of messages sent but not yet received.
WhatsApp isn't the only messaging app to offer end-to-end encryption. Click on the image to discover Signal and other apps for sending secure messages.
The bug, Boelter claims, isn't related to the Signal protocol itself, but to WhatsApp's implementation within its communications network. Furthermore, the flaw was reported to the Facebook-owned company several months ago, but nothing was done to fix it.
No bugs and no danger for WhatsApp messages
Not everyone, however, agrees that the bugs WhatsApp poses a serious threat. Several cybersecurity researchers reacted angrily to The Guardian article, calling it a complete nonsense. Frederic Jacobs, a developer who worked on the iOS implementation of the Open Whisper System and is now an Apple engineer, agreed. According to Jacobs, the so-called bug is nothing more than a feature desired by the developers themselves that would also work perfectly on WhatsApp. A potential attack man in the middlein fact, it would be quite complex and would require some form of collaboration from WhatsApp itself. In conclusion, Messages exchanged in chats would be more than safe.
How to secure WhatsApp conversations
Other cybersecurity experts offer advice on how to protect messages Whatsapp and avoid that these can end up in the hands of some digital sneak. First of all, it is recommended to activate them security notifications, so you can receive messages when a contact's security code changes. This means that if a user's encryption keys change (for example, if they buy a new smartphone), you will receive a WhatsApp notification and can check in advance whether it is the correct one. sneak managed to intrude on your conversations. To do so, you will need to access the Settings of WhatsApp, press on Account and then on Safety: here you just have to press “the switch” and that's it.
Two-step authentication helps you protect your identity on WhatsApp too. Click on the image to find out how to enable it.
Furthermore, many people advise against backing up WhatsApp to the cloud (whether for iOS or Android backups): even if you enable database encryption, it's not impossible for hackers to decipher the encryption key and read your conversations or view your photos and videos. Cloud encryption, in fact, uses different protocols than traditional encryption. end-to-end and the keys used to protect files could also be easily found by hackers or governmental and non-governmental organizations interested in spying on citizens.
