WhatsApp security issue demonstrated on YouTube
Later that day, WhatsApp contacted us with a statement, claiming that this isn't a backdoor into its system, as some security experts claimed, but an intentional design decision that made sure that millions of messages make their way to their intended recipients. This statement was later backed up by Open Whisper Systems, the creators of the encryption protocol that WhatsApp uses and developers of the hugely popular Signal messaging service, through a blog post on their official site.
Whether this is an encryption backdoor, or a design that improves WhatsApp's convenience, is not for us to decide. But the debate rages on, as Tobias Boelter, the security expert that blew the whistle in the first place, demonstrated how the system can be exploited to spy on people's messages and voice calls. He uploaded two separate videos on YouTube that show the “backdoor” in action, that you can watch below.
When asked if he reported the issue to Facebook first through their Bug Bounty program, Tobias also provided a screenshot of his conversation with Facebook representatives that shows he notified the company as early as April 2016. However, the answer he received was that what he believed was a vulnerability, was in fact expected behavior, and was not a bug at all. You can find the full conversation in the slideshow below.
We're not sure what to believe here. On one hand, a lot of security experts have backed up Tobias. On the other, Open Whisper Systems are trusted by a lot of high-profile whistleblowers, Edward Snowden being one of them, so their support certainly gives WhatsApp's claims a lot more legitimacy. What we do know is that we're bound to see more on the subject sooner, rather than later.
source: Open Whisper Systems