According to a report in The Guardian newspaper, WhatsApp messages could be vulnerable to interception. It appears that, due to the way the app handles its encryption keys and what the report describes as a security backdoor, WhatsApp messages could be read without their users knowing.
The Facebook-owned app relies on an encryption method that uses unique security keys within the Signal protocol that are “traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman.” Facebook also claims that no one can intercept the messages, not even the company itself, which is why the app is advertised as putting emphasis on privacy in the first place.
The problem is that this end-to-end encryption protocol has a flaw: WhatsApp can force the generation of new encryption keys for offline users without those users being aware of the change. According to The Guardian, this makes the sender's app re-encrypt any messages that have not yet been marked as delivered with the new keys and send them again.
The recipient of the messages is not made aware of this change in encryption, and the sender is only notified if they have chosen to receive encryption warnings in the settings. However, even if they choose to receive warnings, senders are notified only after the messages have been re-sent. This process is what allows WhatsApp to intercept and read some of the users’ messages.
Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights, said: “WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform.”
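To make the sender-side behaviour concrete, here is an added Python model (not WhatsApp's code and not taken from the report) that contrasts the "re-send first, warn afterwards" handling described above with a client that holds undelivered messages until the user has verified the new key. Key labels, message text and the policy flag names are constructed for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    text: str
    key_used: str            # peer identity key the ciphertext was made for
    delivered: bool = False

@dataclass
class SenderClient:
    peer_key: str
    block_on_key_change: bool     # True = hold queue until user verifies new key
    show_warnings: bool = False   # the optional "encryption warnings" setting
    outbox: list = field(default_factory=list)
    events: list = field(default_factory=list)
    held_key: str = None          # new key awaiting verification (blocking policy)

    def send(self, text, delivered=False):
        # delivered=True models a message the recipient already acknowledged.
        self.outbox.append(Message(text, self.peer_key, delivered))

    def _resend_pending(self, new_key):
        # Re-encrypt every undelivered message under the new key and resend it.
        resent = [m.text for m in self.outbox if not m.delivered]
        for m in self.outbox:
            if not m.delivered:
                m.key_used = new_key
        self.peer_key = new_key
        return resent

    def on_key_change(self, new_key):
        # Server reports that the peer's identity key has changed.
        if self.block_on_key_change:
            self.held_key = new_key
            self.events.append(f"blocked: key {new_key} awaits user verification")
            return []
        # Behaviour described in the report: resend first, warn (optionally) after.
        resent = self._resend_pending(new_key)
        if self.show_warnings:
            self.events.append(f"warning after resend: key is now {new_key}")
        return resent

    def user_verified_key(self):
        # User confirmed the held key out of band; only now re-encrypt and resend.
        if self.held_key is None:
            return []
        new_key, self.held_key = self.held_key, None
        self.events.append(f"verified {new_key}; resending")
        return self._resend_pending(new_key)
```

With the blocking policy the pending ciphertext never leaves the device under a key the user has not checked, whereas with warnings disabled the re-send leaves no trace in the sender's event log at all.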
References:
The Guardian (https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages)
Phys.org (https://phys.org/news/2017-01-whatsapp-vulnerable-snooping.html)