WhatsApp Loophole was unearthed, this security flaw could be exploited to read encrypted messages of WhatsApp users.
Tobias Boelter , a security researcher discovered a loop-hole or backdoor in WhatsApp that allows Facebook , Government agencies or any company to read or intercept users messages.
Although Facebook boasts about end-to-end encryption in their popular messaging app and claims its impossible to intercept WhatsApp messages.
But, according to the researcher Tobias Boelter , the vulnerability in WhatsApp end-to-end encryption implementation allows the company or its owner Facebook to read the users messages.
To implement end-to-end encryption, the popular messaging application uses Whisper Systems’ Signal Protocol to generate unique security keys to keep messages secure. But the app forces offline users to generate new keys and WhatsApp loophole could allow third parties to read messages.
Although you cannot stop government agencies or Facebook to misuse this loop-hole, but there is a setting in messaging app that can at-least protect your account from this vulnerability.
How to Protect your account from WhatsApp Loophole ?
- Launch WhatsApp on Phone and tap on 3 dots menu.
- Next Select Settings and in Settings page , select ‘ Account’ option.
- Tap the ‘ Security’ option in the Account page.
- Now Tap the slide button to enable “show security notifications” .
Enabling ‘Security notifications’ option will tell when the security key used in a conversation changes, users concerned about this WhatsApp Loophole, it’s better to lookout for secured alternatives such as Signal.
The researcher has informed about this flaw to Facebook in April 2016, but the company although aware of this issue didn’t worked to fix the flaw
Boelter said: “[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”
via : The Guardian