Skip to Content

How Cops Could Wiretap Encrypted iMessage and WhatsApp Chats

WhatsApp could be the next target in the Department of Justice’s war on encryption, and the service has a weakness that makes wiretapping easy.
March 14, 2016

Apple’s troubles with the Department of Justice may be about to double. And Facebook may soon also be sucked into the fight with the U.S. government over how much encryption is too much.

Apple is in a legal dispute with the Justice Department over its claim that the system that encrypts data stored on an iPhone unreasonably impedes law enforcement. Yesterday the New York Times reported that the Justice Department also has problems with the encryption built into Facebook’s WhatsApp messaging service. It is designed such that the company cannot decrypt messages and provide them to law enforcement. Apple’s messaging service, iMessage, uses a similar design.

There’s no sign yet that the Justice Department is about to kick off a second legal and public fight against Apple, or take on Facebook. But we do know that a weakness in how iMessage and WhatsApp are designed means that Apple and Facebook could allow law enforcement to listen in on their messaging systems relatively easily, even if they cannot hand over past messages. Cryptographer and Johns Hopkins University professor Matthew Green has written that the answer to the question of whether Apple could backdoor iMessage is “absolutely.”

WhatsApp and iMessage both use a design known as end-to-end encryption. That means that when devices exchange messages, the keys needed to decrypt the chat reside only with the devices involved. This is different from most services, like e-mail, for example, where your messages are only encrypted on the way to and from your service provider, and that company has access to the key needed to decrypt messages.

The problem with iMessage and WhatsApp is that Apple and Facebook want it to be easy for you to start conversations on their platforms. And so they act as a middleman and control the crucial keys used to secure your messages.

If you make a new friend and send her a message on WhatsApp or iMessage, the company behind either service tells your device which keys to use to encrypt the message, and to decrypt the reply. Apple or Facebook could include with the keys they hand out a special extra key that effectively adds the FBI to your conversation. Any messages sent between you and that contact could then be read by investigators, like a wiretap.

The solution to this weakness is well understood and used by messaging services that put more emphasis on security, such as Signal. If you can inspect the key used for chats with a specific contact, then you can confirm with them that you are only using keys associated with each other’s devices.

Adding that feature would (slightly) complicate the design of WhatsApp and iMessage, and the vast majority of people who use the platform probably wouldn’t use it. But the Guardian reported on Monday that Facebook and Apple are both planning to expand their use of encryption in response to the recent public and legal complaints of the Justice Department.

The coming changes mentioned don’t include patching up the gap in the design of WhatsApp and iMessage, but it would be an obvious and easy fix if the two companies want to tighten up against possible ways the government could tap into their systems.

(Read more: The New York Times, The Guardian, “Apple Vows to Fight the Feds in Battle Over Encryption”)

Deep Dive


What happened to the microfinance organization Kiva?

A group of strikers argue that the organization seems more focused on making money than creating change. Are they right?

Six ways that AI could change politics

A new era of AI-powered domestic politics may be coming. Watch for these milestones to know when it’s arrived.

Cryptography may offer a solution to the massive AI-labeling problem 

An internet protocol called C2PA adds a “nutrition label” to images, video, and audio.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.