How WhatsApp vulnerability allows snooping on encrypted messages, and why it may be a big deal
Security researcher who discovered problem says if WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to change in security keys
A security vulnerability that can be used to allow Facebook users and others to intercept and read encrypted messages has been found in its WhatsApp messaging service.
Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.
Privacy campaigners said the vulnerability is a “huge threat to freedom of speech” and warned it could be used by government agencies as a back door to snoop on users who believe their messages to be secure.
WhatsApp has made privacy and security a primary selling point, and has become a go-to communications tool of activists, dissidents and diplomats.
WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a third party.
However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.
The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted in to encryption warnings in settings, and only after the messages have been resent.
This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.
The security loophole was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley.
He says: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”
The vulnerability is not inherent to the Signal protocol. Open Whisper Systems’ messaging app, Signal, the app used and recommended by whistle-blower Edward Snowden, does not suffer from the same vulnerability. If a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message.
WhatsApp’s implementation automatically resends an undelivered message with a new key without warning the user in advance or giving them the ability to prevent it.
Boelter reported the vulnerability to Facebook in April 2016, but was told that Facebook was aware of the issue, that it was “expected behaviour” and wasn’t being actively worked on.
Steffen Tor Jensen, head of information security and digital countersurveillance at the European-Bahraini Organisation for Human Rights, verified Boelter’s findings. He said: “WhatsApp can effectively continue flipping the security keys when devices are offline and resending the message, without letting users know of the change until after it has been made, providing an extremely insecure platform.”
Boelter says: “[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
The vulnerability calls into question the privacy of messages sent across the service, which is used around the world, including by those living under oppressive regimes.
Professor Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy, calls the existence of a vulnerability within WhatsApp’s encryption “a gold mine for security agencies” and “a huge betrayal of user trust”. She adds: “It is a huge threat to freedom of speech, for it to be able to look at what you’re saying if it wants to. Consumers will say, I’ve got nothing to hide, but you don’t know what information is looked for and what connections are being made.”
A WhatsApp spokesman said: “Over 1 billion people use WhatsApp today because it is simple, fast, reliable and secure. At WhatsApp, we’ve always believed that people’s conversations should be secure and private.
“Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default. As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it’s used every day around the world.”
According to the spokesman, in the app’s implementation of the Signal protocol, it has a “Show Security Notifications” setting (option under Settings > Account > Security) that notifies users when a contact’s security code has changed.
“We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and SIM cards. In these situations, we want to make sure people’s messages are delivered, not lost in transit.”
Asked to comment specifically on whether Facebook/WhatsApp had accessed users’ messages and whether it had done so at the request of government agencies or other third parties, it directed The Guardian to its site that details aggregate data on government requests by country. .
WhatsApp later issued another statement saying: “WhatsApp does not give governments a ‘back door’ into its systems and would fight any government request to create a backdoor.”