Skip to Content
Tech policy

How Cops Could Wiretap Encrypted iMessage and WhatsApp Chats

WhatsApp could be the next target in the Department of Justice’s war on encryption, and the service has a weakness that makes wiretapping easy.
March 14, 2016

Apple’s troubles with the Department of Justice may be about to double. And Facebook may soon also be sucked into the fight with the U.S. government over how much encryption is too much.

Apple is in a legal dispute with the Justice Department over its claim that the system that encrypts data stored on an iPhone unreasonably impedes law enforcement. Yesterday the New York Times reported that the Justice Department also has problems with the encryption built into Facebook’s WhatsApp messaging service. It is designed such that the company cannot decrypt messages and provide them to law enforcement. Apple’s messaging service, iMessage, uses a similar design.

There’s no sign yet that the Justice Department is about to kick off a second legal and public fight against Apple, or take on Facebook. But we do know that a weakness in how iMessage and WhatsApp are designed means that Apple and Facebook could allow law enforcement to listen in on their messaging systems relatively easily, even if they cannot hand over past messages. Cryptographer and Johns Hopkins University professor Matthew Green has written that the answer to the question of whether Apple could backdoor iMessage is “absolutely.”

WhatsApp and iMessage both use a design known as end-to-end encryption. That means that when devices exchange messages, the keys needed to decrypt the chat reside only with the devices involved. This is different from most services, like e-mail, for example, where your messages are only encrypted on the way to and from your service provider, and that company has access to the key needed to decrypt messages.

The problem with iMessage and WhatsApp is that Apple and Facebook want it to be easy for you to start conversations on their platforms. And so they act as a middleman and control the crucial keys used to secure your messages.

If you make a new friend and send her a message on WhatsApp or iMessage, the company behind either service tells your device which keys to use to encrypt the message, and to decrypt the reply. Apple or Facebook could include with the keys they hand out a special extra key that effectively adds the FBI to your conversation. Any messages sent between you and that contact could then be read by investigators, like a wiretap.

The solution to this weakness is well understood and used by messaging services that put more emphasis on security, such as Signal. If you can inspect the key used for chats with a specific contact, then you can confirm with them that you are only using keys associated with each other’s devices.

Adding that feature would (slightly) complicate the design of WhatsApp and iMessage, and the vast majority of people who use the platform probably wouldn’t use it. But the Guardian reported on Monday that Facebook and Apple are both planning to expand their use of encryption in response to the recent public and legal complaints of the Justice Department.

The coming changes mentioned don’t include patching up the gap in the design of WhatsApp and iMessage, but it would be an obvious and easy fix if the two companies want to tighten up against possible ways the government could tap into their systems.

(Read more: The New York Times, The Guardian, “Apple Vows to Fight the Feds in Battle Over Encryption”)

Deep Dive

Tech policy

wet market selling fish
wet market selling fish

This scientist now believes covid started in Wuhan’s wet market. Here’s why.

How a veteran virologist found fresh evidence to back up the theory that covid jumped from animals to humans in a notorious Chinese market—rather than emerged from a lab leak.

Conceptual illustration showing a file folder with the China flag and various papers flying out of it
Conceptual illustration showing a file folder with the China flag and various papers flying out of it

The US crackdown on Chinese economic espionage is a mess. We have the data to show it.

The US government’s China Initiative sought to protect national security. In the most comprehensive analysis of cases to date, MIT Technology Review reveals how far it has strayed from its goals.

Professor Gang Chen of MIT
Professor Gang Chen of MIT

All charges against China Initiative defendant Gang Chen have been dismissed

MIT professor Gang Chen was one of the most prominent scientists charged under the China Initiative, a Justice Department effort meant to counter economic espionage and national security threats.

Harvard University professor Charles Lieber leaves federal court, Tuesday, Dec. 14, 2021
Harvard University professor Charles Lieber leaves federal court, Tuesday, Dec. 14, 2021

The China Initiative’s first academic guilty verdict raises more questions than it answers

Observers hoped that the trial of the prominent Harvard professor Charles Lieber would provide some clues into the future of the Department of Justice’s campaign against Chinese economic espionage.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.