WhatsApp Seeks to Calm Worries Over "Backdoor" Code

WonderHowTo

Technology companies creating 'backdoors' for government agencies and other third parties to use in order get around passwords and other privacy measures was a big worry among tech users through 2016. Following a mass shooting in San Bernardino at the end of 2015, Apple resisted huge pressure from the FBI to create a means to bypass security features and gain access to information in the attacker's iPhone via a 'backdoor' into the device. (Then the FBI managed to break through Apple's privacy defences using Israeli technology and everybody lost interest.) Anyway, now it seems backdoors are back on the front burner, as accusations aimed at the Facebook-owned social media platform WhatsApp emerged last week alleging the company had secretly developed their mobile app with a built-in backdoor, the likes of which James Comey would drool over.

According to a blog post by security expert Tobias Boelter, a bug in the app means that some messages which are sent via WhatsApp can be intercepted and read by the company - even though it flat-out denied that such was the case when it was asked by Boelter back in April 2016. The problem, Boelter claims, comes when encryption keys are reissued.

Speaking to the Guardian (which is calling the flaw a '"vulnerability" rather than a "backdoor") Boelter said: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.” Other privacy campaigners have claimed that such a discrepancy is "a huge threat to freedom of speech" which "could be exploited by government agencies."

In response, however, WhatsApp issued a statement saying: “WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks.”

Indeed, the company also reiterated what they told Boelter in April: that it already knows about the bug and hasn't really tried to hide it. It's simply a feature of the app. 

Still, WhatsApp hasn't yet said straight-out that it is, indeed, able to read the messages in question. 

Now, it would be very surprising to learn that WhatsApp, a company renowned for its privacy and high security and end-to-end encryption measures, is in fact intercepting messages sent by its users. It would be even more surprising to learn that such a company would be prepared to share such information with security services. Whilst stranger things have happened, it's worth treating such concerns with a degree of scepticism. There is, after all, no evidence that such harvesting or sharing of data has taken place.

Still, scepticism runs two ways: and it is indeed quite worrying to see ambiguity lingering around whether or not WhatsApp can actually read the messages. In any case, it's also worrying that WhatsApp has simply brushed-off such accusations. After all, even if they are responsibly denying themselves the urge to harvest data and pass it on under the table (which would be approaching the worst case scenario), the capacity to do so is apparently there - and there's little to guarantee that their successors, or indeed their fellow technology companies, would rule as such enlightened despots; and could, in fact, simply use the precedent set by WhatsApp (of shrugging things off in this case) as a justification for their doing the same.

James Stannard

James has a Bachelor’s degree in History and wrote his dissertation on beef and protest. His heroes list ranges from Adele to Noam Chomsky: inspirations he’ll be invoking next year when he begins a Master’s degree in London. Follow him @Songbird_James

Contact us on Twitter, on Facebook, or leave your comments below. To find out about social media training or management why not take a look at our website for more info: TheSMFGroup.com