Facebook can, in fact, read your WhatsApp messages

Security backdoor found within the messaging service...

Your WhatsApp conversations are vulnerable to prying eyes despite Facebook's encryption claims, according to research seen by The Guardian.

It has reported that Mark Zuckerberg's social media giant can indeed view messages due to the way the app's end-to-end encryption protocol is set up.

Tobias Boelter, the cryptography and security researcher at the University of California who made the discovery, says he reported the vulnerability to Facebook in April 2016 and was told that it was "expected behaviour" that the company wasn't looking to remedy.

Boelter told the paper:

"If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys."


WhatsApp's encryption relies on unique security keys generated using Open Whisper's Signal protocol, which guarantees that conversations can't be intercepted. WhatsApp has the ability, however, to secretly force the generation of new keys for offline users, making the sender re-encrypt any messages not marked as delivered with the new keys and send them again.

The receiver is not aware of the change, with the sender only notified if they have opted in to encryption warnings. The re-encryption process allows the company to intercept messages.
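
To make the mechanism concrete, here is a simplified model of the sender's side, added as an illustration and not taken from WhatsApp or Signal code. Keys are plain string labels, the class and field names are hypothetical, and the `block_on_key_change` policy is an assumed stricter alternative that the article does not describe.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    show_security_notifications: bool = False  # opt-in warning from the article
    block_on_key_change: bool = False           # hypothetical stricter policy
    trusted_key: str = ""                       # recipient key label last accepted
    undelivered: list = field(default_factory=list)
    events: list = field(default_factory=list)

    def send(self, text):
        # Encrypt to the trusted key and queue until a delivery receipt arrives.
        self.undelivered.append(text)
        self.events.append(("encrypted", text, self.trusted_key))

    def mark_delivered(self, text):
        self.undelivered.remove(text)

    def on_recipient_key_change(self, new_key, user_verified=False):
        """The server announces a new key for the recipient; return what is resent."""
        if new_key == self.trusted_key:
            return []
        if self.show_security_notifications:
            self.events.append(("warning", "security code changed", new_key))
        if self.block_on_key_change and not user_verified:
            # Hold the queue until the user has checked the new key out of band.
            self.events.append(("held", list(self.undelivered), new_key))
            return []
        self.trusted_key = new_key
        resent = list(self.undelivered)
        for text in resent:
            self.events.append(("re-encrypted", text, new_key))
        return resent

def simulate(notifications, blocking):
    # Constructed scenario: one delivered message, one still queued, then a key change.
    client = SenderClient(notifications, blocking, trusted_key="KEY-A")
    client.send("msg 1")
    client.mark_delivered("msg 1")
    client.send("msg 2")  # recipient is offline, no delivery receipt
    resent = client.on_recipient_key_change("KEY-B")
    warned = any(kind == "warning" for kind, *_ in client.events)
    return resent, warned, client.trusted_key

if __name__ == "__main__":
    for notifications, blocking in [(False, False), (True, False), (False, True)]:
        print(notifications, blocking, simulate(notifications, blocking))
```

In this model the warning only records the key change after the fact: the queued message is still resent under the new key unless the client holds it for verification.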

Professor Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy, called the backdoor a "gold mine for security agencies" and "huge betrayal of user trust".


A WhatsApp spokesperson told Newstalk, "WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor. The design decision referenced in The Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks.

"WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report," the statement continued.