WhatsApp security issue demonstrated on YouTube
On Friday, the Guardian posted a story that uncovered what appears to be a serious security issue with the WhatsApp messaging service. According to multiple security experts, exploiting the service's encryption system could allow for third-parties to spy on your WhatsApp messages.
Later that day, WhatsApp contacted us with a statement, claiming that this isn't a backdoor into its system, as some security experts claimed, but an intentional design decision that made sure that millions of messages make their way to their intended recipients. This statement was later backed up by Open Whisper Systems, the creators of the encryption protocol that WhatsApp uses and developers of the hugely popular Signal messaging service, through a blog post on their official site.
Whether this is an encryption backdoor, or a design that improves WhatsApp's convenience, is not for us to decide. But the debate rages on, as Tobias Boelter, the security expert that blew the whistle in the first place, demonstrated how the system can be exploited to spy on people's messages and voice calls. He uploaded two separate videos on YouTube that show the “backdoor” in action, that you can watch below.
When asked if he reported the issue to Facebook first through their Bug Bounty program, Tobias also provided a screenshot of his conversation with Facebook representatives that shows he notified the company as early as April 2016. However, the answer he received was that what he believed was a vulnerability, was in fact expected behavior, and was not a bug at all. You can find the full conversation in the slideshow below.
We're not sure what to believe here. On one hand, a lot of security experts have backed up Tobias. On the other, Open Whisper Systems are trusted by a lot of high-profile whistleblowers, Edward Snowden being one of them, so their support certainly gives WhatsApp's claims a lot more legitimacy. What we do know is that we're bound to see more on the subject sooner, rather than later.
Later that day, WhatsApp contacted us with a statement, claiming that this isn't a backdoor into its system, as some security experts claimed, but an intentional design decision that made sure that millions of messages make their way to their intended recipients. This statement was later backed up by Open Whisper Systems, the creators of the encryption protocol that WhatsApp uses and developers of the hugely popular Signal messaging service, through a blog post on their official site.
When asked if he reported the issue to Facebook first through their Bug Bounty program, Tobias also provided a screenshot of his conversation with Facebook representatives that shows he notified the company as early as April 2016. However, the answer he received was that what he believed was a vulnerability, was in fact expected behavior, and was not a bug at all. You can find the full conversation in the slideshow below.
We're not sure what to believe here. On one hand, a lot of security experts have backed up Tobias. On the other, Open Whisper Systems are trusted by a lot of high-profile whistleblowers, Edward Snowden being one of them, so their support certainly gives WhatsApp's claims a lot more legitimacy. What we do know is that we're bound to see more on the subject sooner, rather than later.
Popular stories
Latest News
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: