Last year, WhatsApp switched on end-to-end encryption for all of its users. Now a report suggests that the approach is flawed—but the company argues that the vulnerability is an unavoidable trade-off in making the service user-friendly.
According to a new report by the Guardian, WhatsApp has a flaw that could, in theory, allow the company to read messages that users assume are safe from prying eyes. Tobias Boelter, a security researcher at the University of California, Berkeley, tells the newspaper that WhatsApp can force a device to generate a new encryption key when a user is offline. Then, if someone is sending a message to that device while it’s offline, the sender will be made to re-encrypt the messages and resend them.
Those messages could, says Boelter, be read by WhatsApp. And, presumably, by anyone who demanded the company turn them over, too.
WhatsApp knows this is the case, and it is unapologetic about it. It has a compelling argument: convenience. Whenever you swap SIMs, use a new phone, or for any other reason end up using WhatsApp afresh, the system creates a new set of keys to ensure your conversations remain secure. Any messages sent to you in the meantime would be lined up on the sender’s phone waiting for your return to the service. So WhatsApp tells the sender’s device to re-encrypt them using a new key before sending them. The idea: nobody has to miss a message.
WhatsApp defended itself in a statement issued in response to the Guardian report:
As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it's used every day around the world … [In] many parts of the world, people frequently change devices and SIM cards. In these situations, we want to make sure people's messages are delivered, not lost in transit.
To be sure, this does introduce a security risk. Fredric Jacobs, a security expert who worked at Open Whisper Systems, the company which developed the encryption system used by WhatsApp, explained to Gizmodo:
Say that I am sending to you, and your phone is offline because your [battery] is flat, or you have no coverage, or something. Some messages ‘back up’ on my phone, waiting to talk to yours. The proposition is that this condition: backed up messages, combined with someone colluding with Facebook, WhatsApp to ‘fake’ the ‘person has a new phone’ condition, can lead to the backed-up messages being re-encrypted and sent to the new, fake or colluded phone.
But in reality that's hard to pull off, and it’s unlikely that the company is using the trick to spy on your messages. For its part, WhatsApp has flat-out denied to the BBC the idea that it’s a backdoor designed to help law enforcement agencies. "This claim is false," it said. "WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor."
All that said, it is theoretically possible to build a backdoor in the app, because the man-in-the-middle nature of WhatsApp means that it could, if it so desired, include a special extra encryption key that effectively added a third party, like the FBI, to your conversation. Our own Tom Simonite outlined how something like this could happen last year.
It’s also worth remembering that the terms of service of WhatsApp don’t prohibit it from storing metadata about your messaging. So while it might not be able to read what you send (most of the time), it does know who you’re messaging, when, and how frequently.
If you’re deeply troubled by the merest whiff of WhatsApp being able to read your messages, you can turn on a notification system in the app that alerts you when somebody is updating their encryptions keys. That way, you can choose to refrain from sending messages that get backed up and could, theoretically, be read by WhatsApp. Or, you embrace the convenience of its service and tolerate the small risk.