WhatsApp has a backdoor
It turned out that WhatsApp has no value in encrypting messages.
According to the British media giant The Guardian, a security vulnerability in WhatsApp allows users’ encrypted messages to be read by Facebook and other third parties. As it is known, WhatsApp has recently changed the entire messaging protocol to work with end-to-end encryption. WhatsApp has used this new feature to market its messaging application especially to diplomats and journalists. But according to the Guardian, it is possible for third party access to “security codes”, which can not be seen by anyone and which encrypts the messages that are being sent. It is also possible to read encrypted messages. The security breach was first discovered in April 2016 by Tobias Boelter, a researcher on encryption and security at the University of California. Boelter, who communicated to WhatsApp’s proprietary Facebook, said, “We already knew it was like that; It is not a topic we are working on. ” Tobias Belter, who worked on it until he was sure that the exploit could be exploited, eventually contacted The Guardian and told the situation.
The Guardian warned users who use WhatsApp to get rid of the government oversight or for journalism to “stop using it immediately”
The encryption technology used by WhatsApp is not his invention. It uses Open Whisper Sytems’s proprietary Signal technology, and the security breach mentioned is also used by the famous activist Edward Snowden in the same company’s Signal-based messaging application. According to this, It is thought that WhatsApp has played on integrating this technology. The situation is exactly the same …
According to the working principle of WhatsApp’s Signal end-to-end encryption system, when you send a message from WhatsApp, this message is encrypted locally in your phone and a temporary key to decrypt the message is also sent to the recipient with the message. The receiver’s phone solves and displays the message using this key, which is WhatsApp’s “security code”. While this process is repeated for each message sent; according to the way the system works, nobody, including WhatsApp, could see the encrypted message, at least, in theory. Also the key sent was temporary and became unusable when the recipient wrote a reply.
According to the original Signal technology, if you or the recipient you are sending the message to are not connected to the internet, the message is waiting on a server; If you or the recipient were online, the message was being transmitted with the same key. Also, if the recipient or sender generated a new key for an untransmitted message, the Signal system informs the user and asked for confirmation before attempting to resend the message.
WhatsApp has done on technology is as follows: for messages that have not been delivered yet, they can generate new keys without giving you any information.
The problem starts here as WhatsApp has access to these new keys. In such a case, WhatsApp has an option to inform you. If you go to Settings> Account> Security menu and activate “Show security notifications”, WhatsApp informs you when the key for untransmitted messages is changed and sent. But the WhatsApp does not ask you for confirmation, as it is in the original technology, to send it again with a new, now viewable key, which it can send it automatically without asking you. It only informs you about the subject. The meaning of this information is as follows: “The passwords of this message can now be solved by us.”
It was already known that the company was playing on the system, there was a notification option on the “Settings” menu, and no one was stopping. Because whatsApp says in its documentation is that the purpose of this play is to ensure that your unscanned messages are transmitted when you change SIM-cards or phones. But tobias Boelter came out with this work, which was done by means of messages that were meant to be read by Facebook and even by governments if requested.
The Boelter also said, “This openness means that not only are individual key exchange messages read one by one, but if desired, a whole conversation history can be solved by WhatsApp.” Because WhatsApp will produce security keys according to your wishes without your approval, it has a freedom that is not in the original technology. Although WhatsApp insisted that they did not cooperate with governments, the fact that they have the possibilities and the technology they can play does not change.
In the whole world, the reaction from the academicians working in the field of knowledge on the scandal that caused echo began to fall. Professor Kirstie Ball, who works on information security, underlined that this scandal is “a gold mine for the intelligence,” which is “a tremendous betrayal of user trust.”
The Facebook spokes about the topic made no statement other than to say that we are “not cooperating with the governments” and that they are for users who change their phone.