In WhatsApp messenger has discovered a vulnerability that allows attackers or security personnel to intercept the encrypted message. On Friday, January 13, The Guardian reports.
“Hole” in the application is found, a scientist from the University of California Tobias Bolter (Tobias Boelter). For the first time the technician turned to Facebook (which owns WhatsApp) in April 2016, and described the essence of the found vulnerabilities. The user of the social network noted that, in the course of such problems, but in the near future no plans to fix it.
Bolter argues that the vulnerability threat is still not closed.
In April 2016 WhatsApp introduced end-to-end message encryption (end-to-end), which provides access to the content of the correspondence only to the participants of the dialogue. Messenger repeatedly emphasized that even the employees of the company are not able to know what users write.
00:04 26 Dec 2016
However, scientist discovered that users do not receive notification in the event of a change of the encryption key. In the settings of the messenger application, you can enable notifications about generating a new key, but users will receive an alert only after sending the message.
When changing the key undelivered messages are re-encrypted and sent again. Theoretically, such actions open up the possibility for interception and decryption of the message.
“If government asks to access WhatsApp access to messages, the user can easily do this by changing the encryption key,” said Bolter.
Protocol encryption in WhatsApp based on technology from Open Whisper Systems, which is also known protected by the messenger Signal. Despite working on the same Protocol, users receive a warning Signal in the event of a change of the encryption key to send messages.
No comments:
Post a Comment