WhatsApp vulnerability allows others to spy on users!! WhatsApp denies it
www.theguardian.com said:
Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, verified Boelter’s findings.
He said: “WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform.”
The vulnerability calls into question the privacy of messages sent across the service, which is used around the world, including by people living in oppressive regimes.
Boelter reported the vulnerability to Facebook in April 2016 but was told that Facebook was aware of the issue, that it was “expected behavior” and wasn’t being actively worked on.
Gizmodo claims that this “vulnerability” is a very well-known way to spoof and circumvent encryption and messaging systems that rely upon it. It should be noted that this is extremely difficult to pull off. Alec Muffett, a former security engineer at Facebook, told Gizmodo:
“There’s a feature in WhatsApp that—when you swap phones, get a new phone, factory reset, whatever—when you install WhatsApp freshly on the new phone and continue a conversation, the encryption keys get re-negotiated to accommodate the new phone. Say that I am sending to you, and your phone is offline because your [battery] is flat, or you have no coverage, or something. Some messages ‘back up’ on my phone, waiting to talk to yours. The proposition is that this condition: backed up messages, combined with someone colluding with Facebook, WhatsApp to ‘fake’ the ‘person has a new phone’ condition, can lead to the backed-up messages being re-encrypted and sent to the new, fake or colluded phone.”
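The behaviour Muffett describes, as an added sketch that is not from the article or from WhatsApp's code: a toy sender client whose queued messages are either re-encrypted to a newly announced key and flagged to the user afterwards, or held until the user verifies the key. The `Sender` class, the `block_on_key_change` switch and the key labels are assumptions made for illustration, and no real encryption is performed.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy model of the sending client; names and policies are illustrative."""
    block_on_key_change: bool   # hypothetical switch, not a WhatsApp option
    trusted_key: str            # recipient identity key currently trusted
    pending: list = field(default_factory=list)   # queued plaintexts, undelivered
    sent: list = field(default_factory=list)      # (plaintext, key encrypted to)
    notices: list = field(default_factory=list)   # security notifications shown

    def queue(self, text):
        """Recipient is offline: the message waits on the sender's device."""
        self.pending.append(text)

    def on_key_change(self, new_key):
        """Server reports a new identity key for the recipient (new phone, reinstall)."""
        if self.block_on_key_change:
            # Hold the backlog until the user has verified the new key.
            self.notices.append(f"key changed to {new_key}: verify before sending")
            return
        # Behaviour described in the quote: re-encrypt the backlog to the new
        # key, send it, and tell the user only afterwards.
        self._flush(new_key)
        self.notices.append(f"key changed to {new_key}")

    def user_verified(self, new_key):
        """User compared the security code out of band and accepts the new key."""
        self._flush(new_key)

    def _flush(self, key):
        self.trusted_key = key
        self.sent += [(m, key) for m in self.pending]
        self.pending.clear()

def run(block):
    s = Sender(block_on_key_change=block, trusted_key="KEY-A")
    s.queue("meet at 6")        # constructed sample message
    s.on_key_change("KEY-B")    # constructed key label
    return s

if __name__ == "__main__":
    for block in (False, True):
        s = run(block)
        print(block, s.sent, s.pending, s.notices)
```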
WhatsApp has issued a statement on the story:
The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. **This claim is false.** WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report. (https://govtrequests.facebook