Backdoor found in WhatsApp encryption that allows snooping (updated)

13 Jan 2017

Broken encryption. Image: wk1003mike/Shutterstock

Despite WhatsApp claiming that its messages are end-to-end encrypted, new research has shown that a backdoor exists within the code to allow Facebook and others to read a transcript of messages.

In April 2016, Facebook-owned WhatsApp revealed it had enabled end-to-end encryption for all messages sent on the service, promising protection from hackers, corporations and governments.

At the time, WhatsApp’s co-founder Jan Koum said that “the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cyber-criminals. Not hackers. Not oppressive regimes. Not even us.”

Sender not notified of encryption changes

However, security researcher Tobias Boelter has told The Guardian that this is not the case, and that a backdoor in the app's code would allow Facebook and others to obtain message data.

Although WhatsApp is built on the Signal protocol developed by Open Whisper Systems, its implementation lets the WhatsApp server issue a new encryption key for a recipient who is offline. When that happens, the sender's app automatically re-encrypts every message that has not yet been marked as delivered under the new key and resends it.

If the new key is one that WhatsApp itself generated and holds, this re-encryption and retransmission would let WhatsApp and Facebook read any messages resent during that window.

The recipient of the re-encrypted, and potentially intercepted, message is not alerted that anything has occurred.

The sender, meanwhile, is only told that the recipient's security code has changed and the message has been re-encrypted if security notifications are switched on in the app's settings; they are off by default. Users who want to notice such a change need to enable that setting and, when it fires, compare security codes with the contact through a channel other than WhatsApp.

Differs from standard Signal protocol

Boelter has said that the Signal app will not send a pending message to a recipient whose security key has changed while they were offline until the sender accepts the new key, whereas WhatsApp's implementation automatically resends undelivered messages under the new key with no warning.

“[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations,” Boelter said.

“This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice.

“Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
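The key-change behaviour Boelter describes, and the receipt-withholding extension of it quoted above, can be made concrete with a small simulation. The following Python is an added illustration written for this page, not WhatsApp or Signal code: the cipher is a toy HMAC keystream, the "session key" is derived directly from the recipient's identity key so that a server announcing its own key can decrypt, the sample conversation is constructed, and the two sender policies ("block" and "retransmit") are assumptions of the model standing in for the Signal-app and WhatsApp behaviours as the article describes them.

```python
import hashlib
import hmac
import os


def derive_session_key(identity_key: bytes) -> bytes:
    # Toy stand-in for key agreement (an assumption of this model, not of
    # Signal): whoever holds a recipient's identity key derives the session key.
    return hashlib.sha256(b"toy-session|" + identity_key).digest()


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Keystream XOR from HMAC-SHA256(key, counter) with a 16-byte MAC prefix.
    # Deliberately simple; it only needs to fail cleanly under the wrong key.
    blocks = len(plaintext) // 32 + 1
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return hmac.new(key, body, hashlib.sha256).digest()[:16] + body


def toy_decrypt(key: bytes, ciphertext: bytes):
    tag, body = ciphertext[:16], ciphertext[16:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key: the message stays opaque
    return toy_encrypt(key, body)[16:]  # XOR with the same stream restores it


class Server:
    # Relay that also hands out recipient identity keys. A malicious or
    # compelled relay can withhold delivery receipts and announce a key it
    # generated itself in place of the recipient's real one.
    def __init__(self, suppress_receipts=False):
        self.suppress_receipts = suppress_receipts
        self.genuine_key = os.urandom(32)  # the recipient's real identity key
        self.injected_key = None           # a key only the server knows
        self.stored = []                   # every ciphertext that passed through

    def current_key(self):
        return self.injected_key or self.genuine_key

    def deliver(self, ciphertext, recipient_online):
        # Returns True when the sender would see the "delivered" double tick.
        self.stored.append(ciphertext)
        return recipient_online and not self.suppress_receipts

    def swap_key(self):
        self.injected_key = os.urandom(32)

    def read_with_injected_key(self):
        key = derive_session_key(self.injected_key)
        decrypted = (toy_decrypt(key, ct) for ct in self.stored)
        return [pt.decode() for pt in decrypted if pt is not None]


class Sender:
    # "block": hold pending messages when the key changes (Signal app).
    # "retransmit": re-encrypt pending messages to the new key and resend them,
    # warning the user only if security notifications are on (WhatsApp, as
    # described in the article).
    def __init__(self, server, policy, notifications_enabled):
        if policy not in ("block", "retransmit"):
            raise ValueError("unknown policy")
        self.server, self.policy = server, policy
        self.notifications_enabled = notifications_enabled
        self.known_key = server.current_key()
        self.pending = []        # plaintexts with no delivery receipt yet
        self.user_warnings = []

    def send(self, plaintext, recipient_online):
        ct = toy_encrypt(derive_session_key(self.known_key), plaintext.encode())
        if not self.server.deliver(ct, recipient_online):
            self.pending.append(plaintext)

    def on_key_change(self, new_key):
        if self.policy == "block":
            self.user_warnings.append(f"key changed; {len(self.pending)} held")
            return
        self.known_key = new_key
        if self.notifications_enabled:
            self.user_warnings.append("security code changed, messages resent")
        session = derive_session_key(new_key)
        for pt in list(self.pending):
            if self.server.deliver(toy_encrypt(session, pt.encode()), True):
                self.pending.remove(pt)


def run_scenario(policy, notifications_enabled, suppress_receipts=False):
    # Constructed sample conversation: one message while the recipient is
    # online, two while offline, then the server announces a key it controls.
    server = Server(suppress_receipts)
    alice = Sender(server, policy, notifications_enabled)
    alice.send("meet at 9", recipient_online=True)
    alice.send("bring the documents", recipient_online=False)
    alice.send("room 204", recipient_online=False)
    server.swap_key()
    alice.on_key_change(server.current_key())
    return {"server_read": server.read_with_injected_key(),
            "user_warned": bool(alice.user_warnings)}
```

Under the "block" policy the pending messages stay held and the server reads nothing; under "retransmit" it reads every message that lacked a delivery receipt, and with `suppress_receipts=True` that is the whole conversation, while the sender is warned only when notifications are on.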

‘A huge threat to freedom of speech’

Boelter's findings have been verified by Steffen Tor Jensen of the European-Bahraini Organisation for Human Rights, while privacy campaigner Kirstie Ball of the Centre for Research into Information, Surveillance and Privacy has called the discovery "a huge betrayal of user trust".

“It is a huge threat to freedom of speech, for it to be able to look at what you’re saying if it wants to,” she said. “Consumers will say, ‘I’ve got nothing to hide’, but you don’t know what information is looked for and what connections are being made.”

In response to the claims, a spokesperson for WhatsApp initially directed The Guardian only to Facebook's page of aggregated data on government requests.

Updated, 3.35pm, 13 January 2017: A WhatsApp spokesperson has since issued another statement, denying that it placed a backdoor in its encryption.

“WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks,” the statement reads.

“WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.”

Colm Gorey was a senior journalist with Silicon Republic
