News surfaced recently that Facebook and other parties can intercept and read encrypted WhatsApp messages. Privacy campaigners claim that this issue can hamper people's right to freedom of speech, and they fear that government agencies can exploit this vulnerability to snoop on its users.

WhatsApp Encrypted Messages Vulnerability

Facebook had earlier assured its users that no one can penetrate and intercept its WhatsApp messaging service, but the app's end-to-end encryption protocol shows otherwise, The Guardian reported. WhatsApp has built its brand on providing privacy and security in messaging, making it the communications tool of choice among diplomats, dissidents, and activists. That makes it all the more controversial that Facebook and other agencies, especially the government, can in fact intercept the encrypted messages in this app.

The app's end-to-end encryption system is based on the generation of unique security keys. It uses Open Whisper Systems' reputable Signal protocol. These keys are traded and verified between the app and the users to assure them that their communications are secure and free from interception.

However, it was found that WhatsApp can force a change of these keys for offline users without the sender's or the recipient's knowledge. The protocol can then have the sender re-encrypt messages using the new keys and send them again as messages that are marked as delivered. This re-encryption and resending lets WhatsApp intercept and read the messages of its users.

How It Was Discovered

This vulnerability was discovered by Tobias Boelter, a security and cryptography researcher, NDTV reported. Boelter, who is from the University of California, said that WhatsApp can easily share its messaging records with government agencies through the change in keys.

This vulnerability is not due to the Signal protocol, though, because Open Whisper Systems' Signal messaging app doesn't have the same problem. Signal is used by the popular whistleblower Edward Snowden. Changing Signal's security key offline doesn't open the same loophole found in WhatsApp, which is why Snowden recommends using Signal's messaging service.
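
The sender-side choice described above can be modelled in a few lines. This is an added example, not WhatsApp or Signal code: it contrasts a client that resends automatically when a recipient's key changes with one that holds messages until the user verifies the new key. The class, method names and key values are hypothetical, and the blocking policy is an assumed contrast rather than a description taken from the article.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    """Short key fingerprint that two users can compare out of band."""
    return hashlib.sha256(public_key).hexdigest()[:16]

@dataclass
class SenderClient:
    """Hypothetical sender-side model; it tracks which recipient key each
    message is released under instead of performing real encryption."""
    trusted_fp: str                  # fingerprint of the key the user last accepted
    block_on_key_change: bool        # True: hold messages until the user verifies
    pending: list = field(default_factory=list)    # queued for an offline recipient
    released: list = field(default_factory=list)   # (key fingerprint, message) pairs
    alerts: list = field(default_factory=list)

    def queue(self, message: str) -> None:
        self.pending.append(message)

    def _release(self, fp: str) -> None:
        self.released += [(fp, m) for m in self.pending]
        self.pending.clear()

    def on_key_change(self, new_key: bytes) -> None:
        """The server announces a new key for the recipient."""
        fp = fingerprint(new_key)
        if fp == self.trusted_fp:
            return
        if self.block_on_key_change:
            self.alerts.append(f"key changed to {fp}; messages held")
            return
        # Non-blocking policy: trust the new key and resend without asking.
        self.trusted_fp = fp
        self._release(fp)

    def user_verifies(self, new_key: bytes, fp_out_of_band: str) -> bool:
        """Release held messages only if the fingerprints match."""
        fp = fingerprint(new_key)
        if fp != fp_out_of_band:
            return False
        self.trusted_fp = fp
        self._release(fp)
        return True

def simulate(block: bool) -> SenderClient:
    recipient_key = b"constructed-recipient-key"      # constructed sample values
    unverified_key = b"constructed-replacement-key"
    client = SenderClient(fingerprint(recipient_key), block)
    client.queue("meet at noon")
    client.on_key_change(unverified_key)
    return client
```

With `simulate(block=False)` the queued message is released under the unverified key with no alert; with `simulate(block=True)` it stays in `pending` until `user_verifies` succeeds.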