WhatsApp backdoor and how to protect yourself

January 13, 2017

Earlier today we reported about a security problem in WhatsApp that means it is possible for messages to be intercepted and read by others. The backdoor takes advantage of the fact that WhatsApp’s implementation of end-to-end encryption makes it possible to resend encrypted messages using different security keys, allowing for third parties to read them.

What is concerning many people is the fact that (by default, at least) WhatsApp does not alert users when a message is resent using a different key — something that would be a warning of something going on. Here’s what you need to do to ensure you are told when the key changes.

Despite being built on the Signal protocol, WhatsApp works in a slightly different way to other communication tools that use the same protocol. It is possible to receive a notification whenever the security key used in a conversation changes so you can consider taking action — such as moving to a more secure messaging tool.

  • Fire up WhatsApp and open up Settings.
  • Within Settings, head to Account, and then go to the Security section.
  • Enable the option labeled Show security notifications.

As the app explains:

  • Turn on this setting to receive notifications when a contact’s security code has changed. Your calls and the messages you send and your calls are encrypted regardless of this setting, when possible.

But if you are concerned about security, perhaps it is time to move on from WhatsApp to something with better credentials.

by Mark Wilson


Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInShare on TumblrShare on StumbleUponShare on RedditEmail this to someone