Site icon Techno360

Protect your account from WhatsApp Loophole

WhatsApp Loophole was  unearthed, this security flaw could be exploited to read encrypted messages of WhatsApp users.

Tobias Boelter , a security researcher  discovered a loop-hole or backdoor in WhatsApp that allows Facebook , Government agencies or any company to read or intercept users messages.

Although  Facebook boasts about end-to-end encryption in their  popular messaging app and claims its impossible to intercept WhatsApp messages.

But, according to the researcher  Tobias Boelter , the vulnerability  in WhatsApp end-to-end encryption  implementation allows  the company or its owner Facebook to read the users messages.

To  implement end-to-end encryption, the popular messaging application  uses Whisper Systems’ Signal Protocol to generate unique security keys to keep messages secure. But the app forces offline users to generate new keys and WhatsApp loophole  could allow third parties  to read messages.

Although you cannot stop government agencies or Facebook to  misuse this loop-hole, but there is a setting in messaging app that  can at-least protect your account from this vulnerability.


How to Protect your account from WhatsApp Loophole ?

  1. Launch WhatsApp on Phone and tap on 3 dots menu.
  2. Next Select Settings and in Settings page , select ‘ Account’ option.
  3. Tap the ‘ Security’ option in the Account page.
  4. Now Tap the slide button to enable “show security notifications” .


Enabling ‘Security notifications’ option will tell when the security key used in a conversation changes, users  concerned about this WhatsApp Loophole, it’s better to lookout for secured alternatives such as Signal.

The researcher has informed about this flaw to Facebook in April 2016, but the company although aware of this issue didn’t worked to fix the flaw

Boelter said: “[Some] might say that this vulnerability could only be abused to snoop on ‘single’ targeted messages, not entire conversations. This is not true if you consider that the WhatsApp server can just forward messages without sending the ‘message was received by recipient’ notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message.”

via : The Guardian

Exit mobile version