WhatsApp vulnerability is not a backdoor but it’s still a problem­čś«

The Guardian has a report saying WhatsApp has a backdoor which may lead the governments to gain access. However, a new report from The Verge said it’s not a backdoor but vulnerability.

The bug is known by security professional for a long time. The hacker needs to gain access to a WhatsApp server, then he needs to forcibly reset the keys used to encrypt messages, at last he requires to install a new relay point to intercept the messages. ­čŚä

The sender will need to opt-in the “Show security notifications” in settings to get notified. And the recipients would not be notified no matter what.

However, it requires server access. It is not entirely impossible, but some unusual hackers may be able to do that. ­čśÁ

Signal, another popular messaging app empathises security, using the same cryptography but not vulnerable to the attack. The reason is that Signal will stop sending the message when it detects a new key or reset. WhatsApp choose to send the message anyway.

WhatsApp does not choose Signal’s way may want to avoid messages to be dropped. Signal is using hard security which people may expect messages to be dropped.­čĄö

via The Verge

Leave a Reply

Your email address will not be published.