For those who share their darkest secrets, this is bad news. Earlier last week The Guardian reported that encrypted messages sent and received through the service can be intercepted, something the people sending those precious messages never expected. The report exposed a "back door" in the way that WhatsApp implements its end-to-end encryption, which means that third-party agencies can read and then forward messages without the users' knowledge.
The service is used by billions of people, among them some who live under repressive regimes and diplomats, and privacy activists have called the back door "a great threat to freedom of expression".
WhatsApp's current encryption method depends on a set of unique keys generated by the Signal protocol, which are supposed to be reliably verifiable as genuine.
However, the problem is that WhatsApp is able to generate new keys for offline users, have messages encrypted again with those keys, and then resend undelivered messages without notifying the user in advance or giving them a chance to prevent it.
The vulnerability was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He told the Guardian: "If a government agency asks WhatsApp to open up its message records, WhatsApp can grant access, due to the change in the key."
WhatsApp denies the back-door claim and said that the behaviour stems from a design decision: new keys are generated for offline users to ensure that messages are not lost in transit. In a statement to TechCrunch, WhatsApp said: "WhatsApp does not give governments a 'back door' into its systems and would oppose any government request to create a back door."
Signal is the protocol WhatsApp uses at the heart of its end-to-end encryption. When person A and person B exchange messages, they exchange a unique set of keys, which should keep everyone else out.
But if you send a message and the recipient is offline*, WhatsApp can step in with a new encryption key and have the message sent again automatically under that new key, which would give WhatsApp a copy!
This re-keying and resending of messages without the user's consent is the alleged "back door" and the supposed "design decision". *The word offline is essential. The recipient may genuinely be offline, or could be made to appear offline at WhatsApp's sole discretion. WhatsApp could block the recipient's application from connecting to its servers, which would theoretically give it the opportunity to generate this new key and gain access.
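A toy model of the sender-side behaviour described above, added here as an illustration and not WhatsApp's or Signal's code: the class, policy names and key labels are constructed, and no real cryptography is performed. It contrasts automatic resend on a key change with a policy that holds undelivered messages until the user has verified the new key.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    policy: str                 # "auto_resend" or "block_until_verified" (constructed names)
    trusted_key: str            # recipient key the sender last accepted
    notify: bool = False        # the key-change notification setting
    pending: list = field(default_factory=list)   # sent, not yet marked delivered
    events: list = field(default_factory=list)    # what the user gets to see

    def send(self, text):
        self.pending.append(text)
        return (self.trusted_key, text)   # stand-in for "encrypted under this key"

    def on_delivered(self, text):
        self.pending.remove(text)

    def on_key_change(self, new_key, verified=False):
        """Server announces a new key for the recipient; returns what is resent."""
        if self.policy == "block_until_verified" and not verified:
            self.events.append("key changed: sending paused until verified")
            return []
        self.trusted_key = new_key
        # Every undelivered message is re-encrypted under the new key and resent.
        resent = [(new_key, text) for text in self.pending]
        if self.notify:
            # The notice is recorded only after the resend has been prepared.
            self.events.append("key changed: shown after resend")
        return resent

def run(policy, notify=False):
    client = SenderClient(policy, "key-old", notify)
    client.send("hello")
    client.send("meet at 9")
    client.on_delivered("hello")          # the recipient then appears offline
    return client, client.on_key_change("key-new")

if __name__ == "__main__":
    for policy in ("auto_resend", "block_until_verified"):
        client, resent = run(policy, notify=True)
        print(policy, resent, client.events)
```

Only the message still pending is exposed to the new key, and under the automatic policy the notification, when enabled, arrives after the resend rather than before it.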
This is a long-running debate, and BugsBounty.com (the largest ethical hacking community in India) said the crux of the matter is that WhatsApp/Facebook calling it a "design decision" does not prevent a "potential backdoor".
So the most important question is, "What can consumers do?" There is a solution. WhatsApp users can enable a setting, and keep it enabled, so that they know when the encryption key is changed. The notification indicates that a new key has been generated.
To enable this notification: go to Settings in WhatsApp -> select Account -> select Security -> enable "Show Security Notifications".
A key change is a common occurrence even today, whenever you change your device or SIM card.
"If and when you see this notification and are worried that someone has forced their way into your conversation or is intercepting it, you can verify simply by calling the other person to see if they have changed their device or SIM.
"In the worst-case scenario, WhatsApp could "target" just one user, have them reinstall the WhatsApp application, and force the creation of a new encryption key. This event could serve as a mask and successfully create a potential entry point for WhatsApp, enabling snooping," says Ankush Johar, director at BugsBounty.com.
"WhatsApp could introduce a change, and that is to put the choice in the hands of the users: whether to allow the generation of new keys and the delivery of subsequent messages. It could be an advanced option for ease of operation, or a default for privacy-conscious users. With this change, a user who suspects snooping can choose not to send messages and stays in control, unlike today."
What's the alternative to WhatsApp?
WhatsApp is a treasure trove for surveillance by public authorities and other interested parties. If people are using WhatsApp because they think they cannot be spied on, they have to leave it and seek alternatives (whistleblowers and journalists among them). Other applications use the same Signal protocol: Google's "Allo" application in "incognito" mode, and Facebook Messenger, which is also said to offer the protocol optionally as "secret conversations".
One credible alternative is to use Signal. Interestingly, WhatsApp uses the same protocol as the "Signal" application. However, the Signal application does not have this vulnerability, because in the open-source world a potential backdoor would not stay hidden easily or, at best, would not take long to come to public attention.
Demonetisation and WhatsApp
In the 50 days after demonetisation and beyond, users relied heavily on WhatsApp, secure in the knowledge that their talk about money matters (also known as unaccounted wealth) was safe from the prying eyes of those monitoring them. This vulnerability shows how that may not be true, and how users falsely rely on WhatsApp to be their savior when it clearly is not.
Since the clock and Mark Zuckerberg really like each other, and publicly so, one cannot be completely wrong to "imagine" a theory in which the government has access, or is provided access, to this gold mine of information.