WhatsApp may not be as secure as you think it is!!!

The most popular messaging app WhatsApp has been under the scanner since the introduction of its end-to-end encryption service and has once again come into breaking news. The Guardian posted an exclusive article on WhatsApp vulnerability and claims that it "allows snooping on encrypted messages". This has generated a lot of buzz. Let's cut to the chase.

 WhatsApp essentially works on the acclaimed Signal Protocol developed by Open Whisper Systems but the way of its implementation has revealed a security loophole which has been there, accepted by Facebook owned WhatsApp but no step has been taken.This protocol has been used to keep the communication between people secure. However, WhatsApp has the ability to force generation of "new encryption keys for offline users" and resend the undelivered messages. This is unknown to the recipient of the message and sender unless he has opted-in to the encryption warning in Settings and that is after the message is re-sent.

 The loophole has been discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He told the Guardian that WhatsApp could easily grant access to the keys if prompted by the government agencies and "disclose the messaging records." This re-transmission vulnerability can be used to get a transcript of whole conversation without showing the "read notification" (double-tick).  This loophole is not inherent in Signal app itself which uses the key transparency and drops the undelivered messages without generation of new keys. 

WhatsApp was quick to defend itself saying that people used WhatsApp because its "simple, fast, reliable and secure" and it is ready to fight any government agency but not "create a backdoor", thus posing the user security at risk altogether.

So what's in it for us?
It has now become a question of usability and security, of trust and betrayal. Too hard encryption would also drive away the user base to shift to simpler alternatives though with lesser protection. Obviously breaking into the security would require an unusually skilled hacker to intercept the messages but it has put us in an awkward place- Is our security truly in the right hands?

What do you think? Post it in the comments section. If u like us, do share and help us grow!