Today's Hard|Forum Post
Today's Hard|Forum Post

Sunday January 15, 2017

WhatsApp Vulnerability Allows Snooping On Encrypted Messages

No one can intercept WhatsApp messages, not even the company and its staffآ—except when it turns out you actually can. A cryptography and security researcher has found that the program may generate new encryption keys for unsent messages. During this process, the message is no longer safe from prying eyes.

News Image

آ…WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered. The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.

Discussion