WhatsApp vulnerability could expose messages to prying eyes, report claims

A security backdoor has been discovered in the WhatsApp service that allows Facebook and third-party hackers to intercept and read encrypted messages.

While WhatsApp clears up the mess and deals with whatever fallout may come from this privacy fumble, some privacy activists are recommending that concerned users download Signal to guarantee the highest levels of protection. When new keys are generated, the app automatically tries to resend the messages, which could then allow the company to intercept and read them, or theoretically to hand off access to other agencies.

"This is a serious vulnerability - WhatsApp needs to know how keys are protected in order to keep the global communications of over a billion users safe and private", he said.

When a person sends a WhatsApp message, it is encrypted with a security key. End-to-end encryption was introduced in WhatsApp in April 2016, in a huge boost to privacy technology. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks.

Mr Boelter told WhatsApp owner Facebook about the issue in April 2016 but it said it was not working on a fix.

Alec Muffett, a former Facebook engineer, told Gizmodo: "When you swap phones, get a new phone, factory reset, whatever - when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone".

Earlier today we reported on a security problem in WhatsApp that means it is possible for messages to be intercepted and read by others. Privacy advocates have expressed their concern over the revelation and have warned that "it can be used by government agencies to snoop on users who believe their messages to be secure". However, the company also has a way to force the generation of new encryption keys for undelivered messages without the knowledge of the sender.

In April of last year, Facebook-owned WhatsApp revealed it had enabled end-to-end encryption for all messages sent on the service, promising protection from hackers, corporations and governments.

Further, in a Guardian exclusive, it was revealed that Boelter had made WhatsApp's parent company Facebook aware of the security backdoor in April last year.

In Open Whisper Systems' Signal messaging app, if a recipient changes the key while offline, a sent message will fail to be delivered. Most likely, that change would be due to a user changing phones or reinstalling the app.

WhatsApp is trying to make it less frustrating to talk with people who often change devices, according to Zaki Manian, founder of blockchain company Skuchain and board member of the civil liberties organization Restore the Fourth. "In the situation, we want to make sure people's messages are delivered, not lost in transit", the company said in a statement. Encryption keys are normally passed and verified between users in order to guarantee security and ensure that communications cannot be intercepted. To set up encryption warnings, go to Settings - Account - Security and turn on "Show security notifications".
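The difference described above between Signal (a message fails when the recipient's key changes) and WhatsApp (undelivered messages are re-encrypted and resent) can be shown with a small model. This is an added example, not code from WhatsApp or Signal: the `Sender` class, its method names and the key labels are hypothetical, keys are plain strings with no real cryptography, and the behaviour that an alert does not hold a message back is an assumption of the model.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy sender client. Keys are opaque labels; no real cryptography is performed."""
    blocking: bool                 # True: hold messages on key change (Signal, as described)
    notify: bool = False           # models the "Show security notifications" setting
    undelivered: dict = field(default_factory=dict)   # contact -> [(text, key_label)]
    failed: dict = field(default_factory=dict)        # contact -> [text] awaiting the user
    alerts: list = field(default_factory=list)

    def send(self, contact, text, key):
        # The message is encrypted under the recipient key the sender currently holds.
        self.undelivered.setdefault(contact, []).append((text, key))

    def recipient_key_changed(self, contact, new_key):
        """Return the messages re-encrypted and resent without asking the user."""
        stale = self.undelivered.pop(contact, [])
        if self.blocking:
            # Nothing leaves the device under a key the user has not accepted.
            self.failed.setdefault(contact, []).extend(t for t, _ in stale)
            self.alerts.append(f"{contact}: key changed, delivery failed")
            return []
        if self.notify:
            # Model assumption: the alert informs the user but does not hold the message back.
            self.alerts.append(f"{contact}: security code changed")
        return [(text, new_key) for text, _ in stale]

    def user_accepts_key(self, contact, new_key):
        """Blocking mode only (hypothetical step): the user verified the key and resends."""
        return [(text, new_key) for text in self.failed.pop(contact, [])]

def demo():
    """Run both policies over the same constructed scenario and collect the outcome."""
    results = {}
    for name, client in [("non_blocking", Sender(blocking=False, notify=True)),
                         ("blocking", Sender(blocking=True))]:
        client.send("bob", "meet at 6", key="bob-key-1")      # constructed sample data
        resent = client.recipient_key_changed("bob", "key-2-unverified")
        results[name] = (resent, list(client.alerts), client)
    return results

if __name__ == "__main__":
    for name, (resent, alerts, _) in demo().items():
        print(name, "auto-resent:", resent, "alerts:", alerts)
```

In the non-blocking run the pending message goes out under a key the sender never verified. In the blocking run it stays on the device until `user_accepts_key` is called.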