WhatsApp is not really encrypting your messages - Technical.ly Brooklyn


Nov. 20, 2015 7:33 am


A team of white-hat hackers found that anyone on the same network as your phone could gain access to the content of your messages.

WhatsApp now?

(Photo by Flickr user Jan Persiel, used under a Creative Commons license)

This is a guest post by TwoSense founder Dawud Gordon. A version of this article first appeared on the TwoSense blog.

WhatsApp’s security was recently hacked by white-hat researchers. After much click-baiting, it turns out WhatsApp is not actually collecting any information it shouldn’t be. It is, however, protecting that information poorly, and it still has access to message content, with the ability to share it with Facebook.

Security researchers at Brno University of Technology in the Czech Republic (fun fact: Brno is where Gregor Mendel discovered modern genetics) were able to reverse-engineer WhatsApp’s security mechanisms and published their findings in an academic journal.


Instantly there was a frenzy of click-baited articles about how WhatsApp was stealing data from users. Reading the study itself showed that while WhatsApp is indeed collecting data, that data is reasonable given the service it provides. For example, if you start a call with a friend, your WhatsApp client sends your phone number and that of your friend to the server. In WhatsApp your number is your username, which is needed for the system to know who to connect you with.

WhatsApp on iPhone.

(Photo by Flickr user Álvaro Ibáñez, used under a Creative Commons license)

A while back we wrote a post about how WhatsApp announced it would be releasing end-to-end encryption for its mobile service. They had also announced that they themselves would lose access to user messages, with only the sender and recipient being able to decrypt communication. This confused me because it came just after their $19 billion acquisition by Facebook, presumably for the content of the user communication coursing through their network.

Why on earth were they worth $19 billion to Facebook if the user-generated content within WhatsApp was about to disappear within an encrypted channel? What the Brno hack revealed is that their implementation fell far short of their claims, and Facebook’s investment in the content of WhatsApp’s users’ communication was safe.

In interviews with journalists, WhatsApp stated that they would use Public Key Encryption, where only the sender and recipient can decrypt content. Indeed they did, but they used the same key for every user. This makes the Brno hack possible, meaning anyone on the same network as your phone could gain access to the content of your messages. It also means that WhatsApp themselves still have access to all message content. Moreover, their parent corporation Facebook has access as well, along with the ability to target you with advertising based on the content of your WhatsApp messaging.

While this is surprising given WhatsApp’s previous PR, it does explain the mysterious $19 billion price tag (ultimately $21.8 billion) that Facebook was willing to put on WhatsApp. In my opinion, fully encrypting all WhatsApp content would make WhatsApp a near worthless asset to Facebook, especially considering the repeal of the $0.99 a year subscription model. We should not expect it any time soon, no matter how many posts like this one appear.
