The security community erupted in chaos today when The Guardian published a report claiming WhatsApp’s supposed end-to-end encryption contained a serious vulnerability that would allow Facebook and colluding governments to spy on users’ conversations.
The Guardian and critics characterized the vulnerability as a massive breach of user trust. In defense of WhatsApp, other security experts argue The Guardian’s report is an alarmist overstatement.
The truth is probably somewhere in the middle. We’ll try to break down the debate and give some context on what’s going on.
Should I stop using WhatsApp?
The vulnerability won’t expose you to bulk government surveillance because of the effort involved in exploiting it. This is not something that can be done with large-scale, bulk, dragnet data collection. The average person probably has nothing to worry about.
But if you’re seriously concerned about the government targeting you as an individual, then you should probably quit using WhatsApp until the vulnerability is patched.
Then again, if targeted spying is something you’re legitimately worried about, then you probably shouldn’t be using closed-source apps owned by the world’s largest, advertising-supported, US-based social network in the first place.
Here are some WhatsApp alternatives to consider:
Signal is the gold standard of encrypted messaging. WhatsApp uses the identically named Signal protocol in its end-to-end encryption method and added the vulnerability later. Signal does not suffer from the same vulnerability that WhatsApp does and has no serious known vulnerabilities to date. The clients are published as free and open-source software, which means they can be audited by anyone for security flaws (and they have been). The actual encryption protocol, however, is not open source.
Telegram uses end-to-end encryption in its “secret chats” feature and is more popular than Signal, which makes it a more likely alternative because your contacts might already be using it. Note that Telegram isn’t completely without its faults either. Some analysts claim they were able to access secret chat messages in plain text by remotely attacking a user’s phone. That’s not as serious as being able to intercept and decrypt a message while it travels between users like WhatsApp, but it’s worth considering.
Granted, if you Google hard enough, you will find someone who claims to have found a vulnerability on pretty much any popular app.
Viber implemented end-to-end encryption shortly after WhatsApp. Initially it was optional, but now it’s enabled by default. Instead of using the Signal protocol, however, Viber opted for some open-source protocols with its own security additions. The security overview on the company website states, “Viber’s protocol uses the same concepts of the ‘double ratchet’ protocol used in Open Whisper Systems Signal application, however, Viber’s implementation was developed from scratch and does not share Signal’s source code.”
Cyber Dust is an encrypted messaging app touted by Dallas Mavericks owner Mark Cuban that deletes messages 30 seconds after opening them. The features are something akin to Snapchat with a heavy focus on sharing, which seems sort of counterintuitive for a secure messaging app. Nonetheless, messages are end-to-end encrypted and never stored on the cloud. It doesn’t allow users to take screenshots of conversations.
If you want an end-to-end encrypted messaging app that’s truly open source, ChatSecure is for you. Available for iOS and Android, the app is marketed toward journalists and their sources. Two encryption protocols are available: off-the-record (OTR) messaging and extensible messaging and presence protocol (XMPP).
What is the WhatsApp E2EE vulnerability?
When you send a message normally, it is encrypted before it leaves your phone, sent through the internet, and not decrypted until it lands on the recipient’s phone. Only the recipient’s phone contains the key that can decrypt the message. The private keys are generated and exchanged between users before any messages are ever sent. This is called “end-to-end encryption” or E2EE for short. WhatsApp uses the Signal protocol developed by Open Whisper Systems to make this process as secure as possible.
If the recipient changes phones and installs WhatsApp on the new phone, it doesn’t have access to the old phone’s private key. That means it can’t decrypt the message.
Instead of failing to deliver those messages, which would be an inconvenience to both users, WhatsApp added in what The Guardian calls a backdoor. The app renegotiates the key exchange, unbeknownst to the recipient, and automatically re-sends the messages. The sender only knows about the new keys if they have security notifications enabled.
That means if someone’s phone is offline for any reason, WhatsApp could conceivably fake a new phone and private key to receive those backed up messages and decrypt them.
Furthermore, WhatsApp could mark previous messages as unsent, which could mean entire conversations can be accessed by WhatsApp, and not just the actual unsent messages.
What’s the preferred alternative?
In the Signal encrypted messaging app, when a recipient changes phones, any unsent messages to them are marked as undelivered on the sender’s phone. They must be sent again. Users on both ends are notified if any private keys change on either side.
WhatsApp uses the same protocol as the Signal messaging app, but built a feature on top of it that would renegotiate the encryption keys and automatically re-send the messages. Furthermore, it isn’t as generous with its notifications.
In the aftermath of this controversy, we expect WhatsApp will make a few changes. Giving users at least the choice of whether to opt in or out of automatic key re-negotiations and notifying both sender and receiver would be a good start.
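The two behaviours compared above, WhatsApp's automatic re-send after a key change and Signal's "mark as undelivered and notify", can be modelled from the sender's side. This is an added illustration, not code from WhatsApp or Signal; the class, the policy flags and the key names are constructed for the example, and no real cryptography is performed.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    """Toy sender-side model; all names and keys here are constructed."""
    blocking: bool                    # True: Signal-style; False: auto re-send
    show_notifications: bool = False  # the optional security notification
    trusted_key: str = "key-old"      # recipient key the sender last accepted
    pending: list = field(default_factory=list)  # sent, not yet delivered
    events: list = field(default_factory=list)   # what the client did

    def send(self, text):
        self.pending.append(text)
        self.events.append(("encrypt", text, self.trusted_key))

    def on_key_change(self, new_key):
        """Server reports a new key for the recipient. Returns re-sent texts."""
        if self.blocking:
            # Always tell the user; leave pending messages undelivered
            # and keep the old key until the user decides to send again.
            self.events.append(("notify", self.trusted_key, new_key))
            self.events += [("undelivered", t, self.trusted_key)
                            for t in self.pending]
            return []
        # Non-blocking: accept the new key, warn only if the setting is on,
        # and re-encrypt every pending message to the new key regardless.
        old, self.trusted_key = self.trusted_key, new_key
        if self.show_notifications:
            self.events.append(("notify", old, new_key))
        resent, self.pending = self.pending, []
        self.events += [("encrypt", t, new_key) for t in resent]
        return resent

def run_scenario(blocking, show_notifications=False):
    """Two messages sent while the recipient is offline, then a key change."""
    client = SenderClient(blocking, show_notifications)
    client.send("msg 1")
    client.send("msg 2")
    resent = client.on_key_change("key-new")
    notified = any(e[0] == "notify" for e in client.events)
    return resent, notified, client.trusted_key

if __name__ == "__main__":
    for args in [(False, False), (False, True), (True, False)]:
        print(args, run_scenario(*args))
```

In the non-blocking runs both pending messages are re-encrypted to the new key whether or not the notification setting is on; only the blocking policy holds them back until the sender acts.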
Can any hacker see my WhatsApp messages?
No. Exploiting this vulnerability would require explicit cooperation with Facebook or WhatsApp (Facebook owns WhatsApp).
A government agency, however, could request (or coerce) Facebook to spy on its users. It’s not an easy task, but it’s possible.
Did WhatsApp/Facebook intentionally implement the vulnerability?
This has been a hot topic of discussion. Facebook and WhatsApp argue they implemented the vulnerability for a better user experience. Essentially, they didn’t want users to have to deal with messages that fail to send just because the recipient is offline or they change phones. They obviously didn’t feel it was pertinent to notify users when their encryption keys had been renegotiated. Facebook publicly acknowledged the problem back in April 2016 and said it was normal behavior.
Critics argue the vulnerability was purposefully implemented as a backdoor to be leveraged by government spying agencies. If that was WhatsApp’s true intention, the vulnerability goes from being a “bug” to a “backdoor”.
How to turn on WhatsApp security notifications
Turning on security notifications will not stop unsent messages from being automatically resent after a key negotiation has taken place. Still, they are useful for ensuring you’re chatting with the right person on the other end of the conversation.
To turn on WhatsApp security notifications:
- Open WhatsApp
- Click the three dots in the top right corner
- Go to Settings > Account > Security
- Toggle Show security notifications on