Vulnerability discovered in WhatsApp encryption system

16 January 2017
Surely many people have used WhatsApp at least once, or perhaps continue to use it to communicate with family or colleagues. This is not surprising, since the messenger has quite a few useful features, one of which is message encryption. However, the reliability of the latter has recently been called into question.Recall that the end-to-end encryption feature was introduced in WhatsApp back in April 2016. This means that a special algorithm began to create unique keys tied to the phone number. It was supposed to exclude the possibility of interception of sent messages by key authentication on users' gadgets, but Tobias Belter, an independent expert from the University of California, managed to prove that these measures were not enough to protect the privacy of correspondence. According to Tobias, messages sent to a user who is not online are stored on the WhatsApp server and are delivered to the recipient only after he goes online. At the same time, since the recipient will then have a new key generated, there is nothing to prevent a third party from accessing the correspondence. Tobias was quick to share this information with The Guardian. Of course, this news quickly spread around the world, and even the creator of one of WhatsApp's main competitors: the secure messenger Telegram. Pavel Durov in his Twitter account shared the opinion that the experts, so actively claiming the robust protection of WhatsApp, may well work for the U.S. government.At the same time, WhatsApp representatives also commented on this finding and hastened to assure users that there were no loopholes to access their correspondence. According to them, the feature found by an independent expert only helps to prevent users from losing messages. They also added that all possible security measures are published in a special document, and detailed reports are published on all requests from government agencies.