Security backdoor discovered in WhatsApp’s end-to-end encryption system [Updated]

Update: Updated with a response from WhatsApp, below.

A security researcher has found a backdoor in the end-to-end encryption system used by the WhatsApp messaging service. The vulnerability would allow Facebook to read messages sent through the supposedly secure system, as well as making it possible for the company to comply with court orders to make messages available to governments and law enforcement.

While end-to-end encryption would normally mean that not even the company operating the service can decrypt messages, only the intended recipient, the specific implementation used in WhatsApp includes a major security hole …

The Guardian reports that Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley, discovered that WhatsApp has the ability to force a change of encryption key whilst offline. Any unsent messages would then be transmitted with the new key. With the default app settings, neither sender nor recipient would have any way to know that this had happened.

The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.

Although WhatsApp is based on the Signal protocol created by Open Whisper Systems, the same vulnerability does not exist in the Signal app, raising questions about how it came to be present in WhatsApp – and whether that was an oversight or a deliberate act.

[In Signal], if a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message.

More worryingly still, when Boelter reported the issue to Facebook back in April of last year, he was told that it was ‘expected behaviour.’

Update: WhatsApp has again confirmed that its approach is deliberate.

The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. This claim is false.

WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook

However, the Guardian did not claim that WhatsApp ‘gave governments a backdoor,’ only that the company could access messages, and would therefore be able to do so for governments when faced with a court order. Notably, WhatsApp’s own security page claims that is is unable to do this (bold text is our emphasis):

WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp.

With both US and UK governments able to intercept data from the entire population of their country, without any suspicion of criminal activity being required, privacy campaigners have said that the backdoor is a huge deal.

Professor Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy, called the existence of a backdoor within WhatsApp’s encryption “a gold mine for security agencies” and “a huge betrayal of user trust” […]

Jim Killock, executive director of Open Rights Group, said: “If companies claim to offer end-to-end encryption, they should come clean if it is found to be compromised – whether through deliberately installed backdoors or security flaws. In the UK, the Investigatory Powers Act means that technical capability notices could be used to compel companies to introduce flaws – which could leave people’s data vulnerable.”

Facebook refused to comment on whether it had used the backdoor to access messages, or whether any such access was performed at the request of government agencies. The company had already come under fire for collecting data from WhatsApp users after its acquisition of the service.

WhatsApp is commonly used by whistleblowers and campaigners in countries with poor records on human rights. Anyone concerned about the privacy of their messages would seem to be well advised to use Signal.