The Guardian ran a piece yesterday, quite erroneously, drawing attention to a supposed vulnerability in WhatsApp and the public-key cryptography it relies on. It caused a bit of a panic by saying, rather pointedly, that the encrypted chat app has a backdoor that could let someone snoop on messages that have not yet been delivered, and the article alludes to this being an easy thing to pull off. Fortunately the article is wrong on the substance and leaves out quite a few details that matter a great deal.
WhatsApp is still very secure
Having a secure messaging platform is a nice way to keep your many musings and memes private, away from prying eyes. But cryptographic systems aren’t perfect, and though the Signal protocol used by WhatsApp provides strong end-to-end encryption, it still needs a modicum of input from the user to ensure that your messages really are secure.
The problem stems from how WhatsApp handles a change in a contact’s encryption key pair. Key changes happen for perfectly ordinary reasons: your contact gets a new phone or reinstalls the app, and a fresh key pair is generated so that the old keys, which may still reside on the old device, cannot be used to decrypt messages going forward. That is a sensible design and helps keep your messages continually secure. What the Guardian piece seized on is what happens to a message that is still queued when the key changes, say because your contact was offline for a while: WhatsApp re-encrypts the pending message to the new key and resends it automatically rather than blocking until you have confirmed the new key. That is a usability choice, and it is a safe one if you use the app correctly.
When a contact’s key pair changes, WhatsApp can notify you, and if you’re truly concerned you can verify the new key using the in-app verification tool: it shows a security code (a 60-digit number, also rendered as a QR code) that you compare with your contact directly, in person or over some other channel, rather than trusting whatever arrived through the WhatsApp servers. That design element is necessary, because whenever a public key is sent over the internet it can be intercepted, and a nefarious someone can mount a man-in-the-middle attack, substituting a public key for which they hold the private key. That type of attack is not a weakness of WhatsApp or the Signal protocol; it is inherent in any public-key exchange over an unauthenticated channel. Things can be intercepted, but there is a way to authenticate the keys properly. You just have to use it.
Yes, the conditions for a key change can be forced, but that is not an easy thing to do: it requires control of the servers that hand out keys, so in practice the adversary is WhatsApp itself or someone who can compel it, not a random attacker on your Wi-Fi. It’s not likely to happen to most people, and if you’re being targeted you’ll hopefully be more careful to begin with and take measures to ensure the keys you hold are authentic and belong to the person you expect.
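To make the man-in-the-middle point concrete, here is an added example, not code from the article, from WhatsApp or from the Signal project: a small Python model in which Alice and Bob learn each other’s identity keys through a relay, once faithfully and once through a relay that swaps in Mallory’s key, and then each computes a security code from the keys they actually hold. It implements X25519 from RFC 7748 in plain Python so it needs no third-party library; the security-code construction, the trust-on-first-use client and the names are assumptions made for the demo, not the Signal protocol’s real safety-number format.

```python
"""Key-change notice and out-of-band security-code check, modelled end to end.

Added example for this article, not WhatsApp or Signal code. X25519
(RFC 7748) is implemented in plain Python so only the standard library is
needed; the "security code" is a SHA-256 over both identity keys, a stand-in
for Signal's 60-digit safety number. Alice, Bob, Mallory and the relay that
substitutes keys are constructed for the demonstration.
"""
import hashlib
import secrets

P = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    # Scalar clamping from RFC 7748 section 5.
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5. Not constant-time: fine for
    illustration, unacceptable for production."""
    k = _clamp(scalar)
    x1 = int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE_POINT)


def security_code(pub_a: bytes, pub_b: bytes) -> str:
    """Order-independent digest of both identity keys, shown as twelve
    five-character groups so two people can read it to each other."""
    digest = hashlib.sha256(b"".join(sorted((pub_a, pub_b)))).hexdigest()
    return " ".join(digest[i:i + 5] for i in range(0, 60, 5))


class Client:
    """Remembers the identity key first seen for each contact (trust on first
    use) and reports when a later key differs: the event behind WhatsApp's
    security notification."""

    def __init__(self):
        self.priv, self.pub = keypair()
        self.known = {}

    def learn_key(self, contact: str, pub: bytes) -> str:
        previous = self.known.get(contact)
        self.known[contact] = pub
        if previous is None:
            return "first-use"
        return "unchanged" if previous == pub else "CHANGED"

    def shared_secret(self, contact: str) -> bytes:
        return x25519(self.priv, self.known[contact])

    def code_for(self, contact: str) -> str:
        return security_code(self.pub, self.known[contact])


def honest_exchange():
    """The relay forwards each side's real identity key."""
    alice, bob = Client(), Client()
    alice.learn_key("bob", bob.pub)
    bob.learn_key("alice", alice.pub)
    return alice, bob


def mitm_exchange():
    """A relay in the server position hands each side Mallory's key instead.
    Key agreement still 'succeeds' on both sides, but with Mallory."""
    alice, bob, mallory = Client(), Client(), Client()
    alice.learn_key("bob", mallory.pub)
    bob.learn_key("alice", mallory.pub)
    return alice, bob, mallory
```

In the honest run the two security codes agree and the shared secrets match. In the swapped run each side still derives a working shared secret, but with Mallory, and the two codes differ, which is exactly what an in-app comparison between the two people exposes. Handing a client a second, different key for a contact it already knows returns CHANGED: that is the event the security notification reports, and the moment to go and compare codes.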
So, this is a vulnerability, certainly, but one that concerns only a very small percentage of users, and one that can be mitigated if you take the time to use the app correctly. It’s a nonissue, in other words. Cryptographic methods aren’t magic, and the key exchange has to happen somewhere. Since something is being sent over the Internet, it can be intercepted. That’s just a fact of life, unfortunately, and one that WhatsApp has actually accounted for.
Just take the time to verify the encryption keys and you’ll be much better off. The notification for encryption key changes isn’t turned on by default, so go to Settings > Account > Security and enable “Show security notifications”. It’s also important to note that every message is encrypted with its own message key, derived from a ratcheting key chain, so that even if one message key is compromised the others cannot be read; recovering them would mean a brute-force search of a 256-bit key space. And good luck with that. You’re still very secure.
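As an added example of the per-message key point (not code from the article or from libsignal), the following Python builds the symmetric-key ratchet step from the public Double Ratchet specification, encrypts a short conversation with one key per message, and then checks how many of those ciphertexts a single leaked message key can open. The cipher wrapped around each message key is a constructed HMAC-based stand-in for AES so the example runs on the standard library alone; the function names and sample messages are assumptions for the demo.

```python
"""Per-message keys from a symmetric-key ratchet, and what one leaked key buys.

Added example for this article; not WhatsApp or libsignal code. The chain
step follows the public Double Ratchet specification's KDF_CK (HMAC-SHA256
over the constants 0x01 and 0x02). AES is replaced by a constructed
HMAC-SHA256 counter-mode keystream plus an HMAC tag so the script runs on
the standard library; do not reuse that cipher anywhere real.
"""
import hashlib
import hmac
import secrets

TAG_LEN = 32


def kdf_ck(chain_key: bytes):
    """One ratchet step: returns (next_chain_key, message_key). Both outputs
    are one-way functions of the chain key, so a message key reveals neither
    the chain key nor any other message key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in cipher: XOR with an HMAC counter-mode keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def _subkeys(message_key: bytes):
    # Separate encryption and MAC keys derived from the one message key.
    return (hashlib.sha256(b"enc" + message_key).digest(),
            hashlib.sha256(b"mac" + message_key).digest())


def encrypt(message_key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(message_key)
    ciphertext = _xor_stream(enc_key, plaintext)
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def decrypt(message_key: bytes, blob: bytes):
    """Plaintext, or None when the tag fails (wrong key or tampering)."""
    enc_key, mac_key = _subkeys(message_key)
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return _xor_stream(enc_key, ciphertext)


class SendingChain:
    """Holds only the current chain key; each message key is derived, used
    once and discarded."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        self.chain_key, message_key = kdf_ck(self.chain_key)
        return message_key


def run_session(messages):
    """Both sides start from the same chain key (in Signal it comes out of the
    Diffie-Hellman ratchet; here it is a constructed random value). Returns
    (message_keys, ciphertexts, decrypted_messages)."""
    root = secrets.token_bytes(32)
    sender, receiver = SendingChain(root), SendingChain(root)
    keys = [sender.next_message_key() for _ in messages]
    blobs = [encrypt(k, m) for k, m in zip(keys, messages)]
    recovered = [decrypt(receiver.next_message_key(), b) for b in blobs]
    return keys, blobs, recovered


def readable_with_one_key(keys, blobs, leaked_index: int):
    """Indices of the ciphertexts that one leaked message key can decrypt."""
    leaked = keys[leaked_index]
    return [i for i, blob in enumerate(blobs) if decrypt(leaked, blob) is not None]
```

Run a session over a handful of constructed messages and every message key comes out distinct, the receiver recovers every plaintext in order, and a leaked key for message n opens message n and nothing else: the tag check fails on every other ciphertext. Nothing in the code can show that the HMAC chain is irreversible, but the structure makes the point the article relies on, namely that the only path from one message key to its neighbours is through the chain key the client never hands out.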