Skip to main content
Whatsapp

WhatsApp bug

by June 18 2020#!31Mon, 22 Jul 2024 17:01:07 +0200+02:000731#31Mon, 22 Jul 2024 17:01:07 +0200+02:00-5Europe/Rome3131Europe/Rome202431 22pm31pm-31Mon, 22 Jul 2024 17:01:07 +0200+02:005Europe/Rome3131Europe/Rome2024312024Mon, 22 Jul 2024 17:01:07 +0200015017pmMonday=4159#!31Mon, 22 Jul 2024 17:01:07 +0200+02:00Europe/Rome7#July 22nd, 2024#!31Mon, 22 Jul 2024 17:01:07 +0200+02:000731#/31Mon, 22 Jul 2024 17:01:07 +0200+02:00-5Europe/Rome3131Europe/Rome202431#!31Mon, 22 Jul 2024 17:01:07 +0200+02:00Europe/Rome7#No Comments

Messages from users at risk for a backdoor. Or not?

The news is of those that necessarily make noise. According to the British newspaper The Guardian a bug in the adoption and use of WhatsApp's end-to-end cryptographic system would put users' messages at risk. The problem would affect everyone, no one excluded.

But let's take a step back. Since April 2016 WhatsApp has adopted the Signal cryptographic protocol, also used by the anonymous chat app of the same name and developed by the Open Whisper System. It is one of the best end-to-end encryption protocols in existence today and has allowed WhatsApp to do one significant step forward on the privacy side and the protection of user data (not surprisingly it is recognized as one of the safest instant messaging apps), making it particularly attractive to activists and whistleblower of all the world.

The WhatsApp bug that puts users' privacy and messages at risk

According to Tobias Boelter, a computer security expert and professor at the University of Berkley, however, things would not be exactly like that. In fact, an in-depth analysis of the functioning of the protocol showed that the WhatsApp servers would be able to force the creation of new cryptographic keys in case the recipient of the message was offline. All this, of course, without the sender or the recipient being aware of it. According to the Guardian, this is an operation that would jeopardize the privacy of messages sent but not yet received.

This operation, in fact, could allow WhatsApp itself - and therefore its employees - to get hold of the encryption keys used in the exchange between the two users and thus read part of their conversation. In the event that hackers manage to infiltrate the WhatsApp computer system, therefore, they could exploit this bug to their advantage and spy on unwitting users.

WhatsApp isn't the only messaging app that offers end-to-end encryption. Click on the image and discover Signal and the other apps to send safe messages

The bug, says Boelter, does not concern the Signal protocol itself, but the implementation made by WhatsApp within its communication network. The flaw was also reported to the Facebook-owned company several months ago, but nothing has been done to remedy it.

No bugs and no danger for WhatsApp messages

Not everyone, however, agrees in believing the bugs WhatsApp a serious danger. Several cybersecurity researchers have reacted quite angrily to the Guardian article, calling it all half-nonsense. On the same wavelength Frederic Jacobs, developer who worked on the implementation of the Open Whisper System in iOS and now in the ranks of Apple engineers. According to Jacobs, the so-called bug would be nothing more than a function wanted by the developers themselves that would work perfectly even on WhatsApp. A possible attack man in the middlein fact, it would be quite complex and would require some form of collaboration from WhatsApp itself. In conclusion, the messages exchanged in chats would be more than safe.

How to secure WhatsApp conversations

Other cybersecurity experts offer advice on how to protect messages Whatsapp and avoid that these can end up in the hands of some digital sneak. First of all, it is recommended to activate them security notifications, so that you receive messages when a contact's security code changes. This means that in case of changes to the cryptographic keys of a user (for example in case of purchase of a new smartphone), you will receive a WhatsApp notification and you can check in advance whether which sneak managed to meddle in your conversations. To do this you will have to access Settings of WhatsApp, press on Account and then on Safety: here just press "on the switch" and you're done.

 

Two-pass authentication allows you to protect your identity on WhatsApp too. Click on the image and find out how to activate it.

In addition, many advise against backing up WhatsApp to the cloud (both in the case of iOS backup and Android backup): even if database encryption is activated, in fact, it is not excluded that some hacker can decrypt the cryptographic key and read your conversations or watch photos and videos. In fact, encryption in the cloud uses different protocols than those of encryption end-to-end and the keys used to protect files could also be easily found by hackers or governmental and non-governmental organizations interested in spying on citizens.

Leave a Reply