The developer WhatsApp, a popular communications tool that touts end-to-end encryption as one of its prime features, has denied deliberately leaving a backdoor for the government to snoop on users’ communications.
End-to-end encryption (E2EE) is a feature that prevents middlemen from eavesdropping on communications including the company transmitting the messages. Demand for the feature skyrocketed after Edward Snowden revealed to the public that the US and its allies were conducting mass electronic surveillance worldwide.
WhatsApp is one of the many applications that offers E2EE, having introduced it in November of 2014 using Open Whisper Systems’ acclaimed Signal protocol. Snowden himself has suggested the Signal app as a safe way to communicate.
However, the Guardian newspaper reported on Friday that WhatsApp has a backdoor that exposes its users to potential snooping. The vulnerability lies in the way the application handles a change of encryption key, which usually happens when one party in the exchange changes their device or sim-card, or reinstalls the app.
By default, the other user is not notified that the encryption key has been changed, although there is an option to turn such a notification on. Moreover, all messages that were sent while the recipient was offline are automatically re-encrypted with the new key and resent.
If a malicious party were to take control of a WhatsApp server, it could force a change in the encryption key and install itself as a relay point, intercepting and reading all messages in the process, meaning the re-encrypted, resent messages would be exposed immediately. Moreover, if the key change notifications were not turned on, there would be no way for the users to realize that they were being snooped on.
By comparison, the Signal app, which uses the same protocol, always notifies users of encryption key changes and does not automatically re-encrypt and resend messages.
This type of attack would be hard for a common criminal to carry out, considering that WhatsApp servers are well-protected from hacking, but a government agency could theoretically force the company to do this.
“If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley, told the British newspaper.
The report said that, in April of 2016, Boelter had voiced his concerns to Facebook, which had acquired WhatsApp, but was told that the issue was “expected behavior” and that the company was not working on fixing it.
After the publication of the Guardian report, WhatsApp issued a statement saying: “WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.”
The newspaper changed its article accordingly, calling the potential for a key change attack a “vulnerability,” rather than a “backdoor” – a term implying that the vulnerability had been left deliberately.
The Verge report says that the loophole was a trade-off between user convenience and security, with WhatsApp choosing to make concessions to appeal to less tech-savvy users. It argues that a government would not be able to exploit the vulnerability for mass surveillance because it would not be able to conceal it from users.
“It’s not a particularly useful technique for law enforcement: the target would be notified, and investigators wouldn’t get as much information as they would from an SMS login hijack or simply mugging the target when her phone is unlocked. But if an ambitious prosecutor wanted to score points in the encryption debate, it could be a very tempting subpoena to file,” the report points out.