Whatsapp encrypted messages found with a vulnerability
“No one can intercept into Whatsapp encrypted messages, even the company and its staff” claimed by the facebook.Assuring privacy for its billion users it implemented an encrypted messaging feature which implements the end-to-end encryption protocol.But recent research shows a huge vulnerability in the implementation of WhatsApp encryption messaging feature.
This security vulnerability in WhatsApp messaging app can allow the facebook and others to intercept into the chat conversation.The loophole found in the WhatsApp is discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley.He told to the guardian “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.” Previously, he also warned facebook about the vulnerability and the company claimed it was an “expected behavior” and wasn’t actively worked on.
Privacy campaigners said “it was a huge threat to freedom of speech”, which makes the government snoop into the privacy of the users who thinks they are secure.Whatsapp primary attention was its privacy and security which believed by billion number of users, activists, ad dissidents.This vulnerability may thrust WhatsApp into problems.
Actually, the vulnerability caused this way, that if an attacker gains access to the WhatsApp then, he may change the encryption key of the sender and the receiver doesn’t have any intimation of key changed at the sender. The sender will get the alert message only if he done the “show security notification” setting.Let’s see whether the facebook act on it or not.
How to enable “show security notification” setting.
- Open WhatsApp, click on 3 vertical lines to spread a menu.
- Choose settings in the menu.
- Now you have to choose the Account option as below.
- Select the security from the list of options.
- Now, you will find the “show notification security” which you need to enable as below.
Finally, you can able to get the notification if anyone modifies your sender encryption key.