Last spring, Whatsapp announced that every message on its service is delivered with end-to-end encryption, meaning no one, not even Whatsapp, can tell what's inside. Now, a report by The Guardian cites a security researcher claiming that its implementation is open to being backdoored or hijacked by government agencies. Whatsapp, and the people who helped design the implementation for its secure messaging, state this isn't the case, and instead, reflects a user experience design decision that isn't putting users at risk.
Whatsapp's secure messaging was implemented with help from Open Whisper Systems -- makers of the secure messaging app Signal -- and on its blog, the company explains how things work. Based on its Signal Protocol (also used for encrypted messaging in Google's Allo), each client is identified by a public key that's shared with other people, and a private key on the device. Because people change phones, or uninstall and reinstall apps, the pair of keys can change. Users can ensure their communication is secure by checking the security code displayed on each end, if it matches, then they can be sure their messages aren't subject to a man-in-the-middle (MITM) attack by a third party.
The Guardian's report is based on research by Tobias Belter. He claims that the server (potentially at the direction of a government agency) could generate a new key for one of the parties, and pretend to be them before the person on the other end is notified that something has changed. On the Signal app, this would cause an already sent message to fail, and the sender to be notified of a change before it could be attempted again. In Whatsapp, it displays a message that the key has changed, re-encrypts the message, and delivers it.
As Open Whisper Systems explains, this setup is better for Whatsapp's large user base because it's simpler for users. Also, since the server can't know who has notifications turned on, it makes trying to exploit such a change risky because of potential detection. While it agrees that people could differ in opinion on the implementation, it disagrees that this could ever be described as a "backdoor," which is what the article claims.
A number of security professionals have chimed in to agree, including Frederic Jacobs, who helped design the protocol being used. For users, the most responsible thing to do seems to be to turn on notifications, and check your security codes regularly.
It's ridiculous that this is presented as a backdoor. If you don't verify keys, authenticity of keys is not guaranteed. Well known fact.— Frederic Jacobs (@FredericJacobs) January 13, 2017
Look, WhatsApp is a great choice for most. Turn on verify keys and don't give your phone number to Facebook to protect metadata. -the end.— Zeynep Tufekci (@zeynep) January 13, 2017
I'm very disappointed by the @Guardian reporting, and even more by the tech community for uncritically falling for their anti-Facebook bias.— Filippo Valsorda (@FiloSottile) January 13, 2017