There appears to be a WhatsApp vulnerability that allows third parties to snoop on encrypted messages in cases where the recipient has not yet received the message.
This comes as a potential blow to privacy advocates, as WhatsApp made a big deal of it when they introduced end-to-end encryption (E2EE) last year. This may not be good news for the likes of activists, diplomats and dissidents in certain parts of the world with oppressive regimes.
The vulnerability is not so much a bug in the system as a feature which, according to the developers of this popular mobile chat app, helps the app function seamlessly. Users in various parts of the world tend to change phones and SIM cards, and during that downtime could miss messages sent while the phone is off the Internet.
When communication is restored, the encryption key has to be reset to allow the recipient to receive the message, and this is where a third party can intercept the message, by compelling Facebook and WhatsApp to grant access to government authorities using the in-built backdoor.
Should I be Worried About the WhatsApp Vulnerability?
Since this backdoor is a feature of WhatsApp, it seems the team behind the app has everything under control, as long as it stays within their control. One would think that the messages sent back and forth could be intercepted and used for promotional and advertising purposes, but by the very nature of the app that may be another white elephant to dig into.
The real problem here is allowing this information to fall into third parties' hands when the developers are compelled to hand it over. We are talking about the likes of the US National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ), which seem to have the legal muscle to do this en masse on behalf of their respective governments.
With that said, it now seems it may not be a good idea for those trying to keep their communications away from the prying eyes of some of these influential governments to use WhatsApp after all.
WhatsApp uses the acclaimed Signal encryption protocol by Open Whisper Systems, which is considered the gold standard for private messaging by respected security researchers as well as public figures including NSA whistleblower Edward Snowden. Apparently this WhatsApp vulnerability does not lie in the protocol itself but in the way they have implemented the entire ecosystem.
So one alternative is to use the Signal app, which guarantees your privacy should you prefer your online communications to remain private. Signal, which is available for iPhone, Android and desktop, is completely free and secure and supports SMS, MMS, chat, and secure voice calls.
There you have it. Now you can do all your online messaging better informed and more responsibly.
Edit: WhatsApp's settings allow you to turn on notifications for when the sender changes the message key. This will let you know when something is amiss and could be a hint that your message may no longer be secure.