Security Experts:

No Backdoor, but WhatsApp Can Snoop Encrypted Conversations

A report emerged on Friday that the popular mobile messaging app WhatsApp packs a backdoor allowing its operator (Facebook) to tap into users’ end-to-end encrypted conversations, but experts have refuted the claim as an exaggeration and F.U.D.

WhatsApp’s end-to-end encryption relies on encryption keys exchanged between a sender and recipient and, while the platform could essentially read encrypted messages if the keys change and the people engaged in a conversation don’t verify the exchanged keys, this isn’t a backdoor, but rather a design choice.

The WhatsApp platform, one of the most popular mobile messaging services out there, uses Open Whisper Systems’ acclaimed Signal protocol for encryption. The manner in which the protocol has been implemented constitutes a backdoor that allows WhatsApp to read user messages, The Guardian reported.

For a long time, Facebook said that no one could tap into these conversations, and even claimed to have rolled out improved end-to-end encryption capabilities for WhatsApp following the Apple-FBI spat last year. According to this recent report, however, that’s not true, given that a “backdoor” provides the company with access to private conversations and potentially impacts over one billion users.

The “backdoor” was reportedly discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley, The Guardian says.

The protocol was implemented in such a way that it would allow WhatsApp to force the generation of new encryption keys when a message is sent to an offline user, and to also have the message re-encrypted using these keys, and re-sent.

These keys are issued without the sender’s or recipient’s knowledge, but only for messages that haven’t been yet marked as delivered. However, the recipient has no knowledge of this change, although the sender receives a notification, but only if they have opted-in to encryption warnings in Settings, and only after the message has been re-sent.

Claiming that the implementation actually represents a backdoor, The Guardian says that “this re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.” Users fearing government surveillance are even advised to stop using the service immediately.

According to Austrian penetration tester David Wind, the implementation doesn’t actually constitute a backdoor, although it allows for man-in-the-middle attacks and communication snooping. But such attacks are possible only when the sender and recipient “do not verify the fingerprints of the exchanged keys,” he says.

Based on Signal’s protocol, WhatsApp uses the Trust on first use (TOFU) concept for communication, meaning that, following initial exchange, a key is trusted as long as it doesn’t change. By default, Signal blocks the outgoing messages altogether when the key material changes, and doesn’t send new messages until the key has been manually verified. WhatsApp only notifies users of the change.

“Yes that’s true, WhatsApp is able to force the user to generate new keys," Wind told SecurityWeek in an emailed response. "WhatsApp is able to issue a new public key to the user, where they have the private key for and therefore they would be able to generate the message encryption keys. Therefore they would be able to decrypt the messages. The problem with WhatsApp is that it send the message even when the keys change - Signal does not send the message when the key material changes."

“But again, like I explained in my post: WhatsApp is closed source so nobody really knows what they are doing behind the scenes. It could be possible that the key verification of WhatsApp is in a way manipulated, that if a certain key is used (the one which WhatsApp uses to intercept messages), the key verification does not report anything bad. I don't know it and I don't believe it but it would be possible,” Wind also told us.

The issuance of new keys, however, can’t be considered a backdoor, mainly because this is a default setting of WhatsApp.

“If WhatsApp wanted to implement a backdoor, they would have done it in another way, they would have done it in a way which is more ‘silent’, I think,” Wind told us.

The researcher also notes that users can opt-in to be notified when the key material changes. One thing that users should keep in mind, however, is that a provider “always has the ability to intercept messages as long as the user does not verify fingerprints,” Wind says.

Former iOS developer at Open Whisper Systems Fredric Jacobs also points out that this is how the system was designed to work: “If you don't verify keys, authenticity of keys is not guaranteed. Well known fact.”

According to WhatsApp, however, it chose to implement the protocol this way because users change devices, reset them, or simply go offline often. By re-issuing keys and re-sending messages, WhatsApp ensures that conversations can continue between two people on its platform, the company says. 

Responding to an email inquiry, a WhatsApp spokesperson told SecurityWeek that the design decision in WhatsApp prevents people from losing millions of messages and is by no means a backdoor.

“The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a 'backdoor' allowing governments to force WhatsApp to decrypt message streams. This claim is false," the spokesperson told us.

“WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report,” spokesperson continued.

While user’s conversations might remain secure on WhatsApp, other data the application collects on them isn’t. Last year, the platform revealed that it shares user data with Facebook, and Germany took a stance on it in September. The data sharing between WhatsApp and Facebook raised concerns regarding user privacy and is likely to continue do so until the company ends it.

view counter