SecureMac, Inc.

Widely Reported WhatsApp Vulnerability Not as Serious as Initially Thought

July 18, 2017


Back in January, the prominent British publication The Guardian printed a story claiming that the popular messaging app WhatsApp had a critical flaw: a “backdoor” that could allow a malicious third party to defeat the app’s end-to-end encryption and thus read your messages at will. With millions of users depending on WhatsApp as a safe way to privately message others, including people in war-torn countries and under oppressive governments, the report caused much alarm. At the same time, it also triggered a vocal outcry from the tech world as experts disputed the claims made in the Guardian’s article.

Now, months later, the author of the Guardian piece has stated that he accepts the expert consensus that the conclusions in the report were erroneous. At the root of the issue seems to be a misunderstanding about security decisions made by WhatsApp. In reality, there is no “backdoor” to reading user messages, and there never was. The term carries connotations of deliberate deception, which makes it an inaccurate moniker.

So, what was the real story? To improve the user experience when migrating between devices or SIM cards, messages that are in transit when a device is changed may be re-encrypted with a new key and delivered to the user when they return. In some very limited scenarios, this could potentially offer a way for someone to read a message, but it would require intensive effort, time, and resources and would still present an enormous technical challenge.

With encryption on the rise, it’s important to continually examine the strength and reliability of the solutions we use. However, it’s just as crucial to avoid jumping to conclusions without all the facts in hand. While the Guardian did not retract its story, choosing instead to attach an editorial note to the article, correcting the record is a good step. Staying informed is an essential part of staying secure. WhatsApp users should know that their messages remain safe from prying eyes.
