WhatsApp Security Backdoor Puts User Privacy at Risk

The latest security update drew a lot of attention when the news proclaiming WhatsApp security unreliable, broke on the Internet.

WhatsApp Security Concerns

WhatsApp data security has always been a question for all who care about their data privacy. Because of the WhatsApp’s popularity, its security protocols were on hackers’ top-target list for years. The WhatsApp security and privacy terms were static, but it appears Facebook left the door open with its recent policy changes. The WhatsApp messenger security issues could be even more uncertain as a result of this change.

Is WhatsApp a Security Risk?

The Guardian first reported that user messages were no longer private. The report stated that Tobias Boelter, a security expert, claimed that WhatsApp would allow third parties access to its messaging records, if the need should arise. The researcher went on to say it would be possible, “due to the change in keys.”

The keys in question have to do with end-to-end encryption used by WhatsApp, which relies on Signal protocol. Ideally, this method grants secure and safe communication between users. However, it was suggested that WhatsApp is able to generate new security keys, making it possible for WhatsApp to obtain access to user messaging transcripts.

Does This Mean WhatsApp’s Security is Compromised?

All the claims were denied by Facebook, the official WhatsApp owner. So far, they reassured that not even the people working in their company had a chance to read private messages, or invade user privacy whatsoever. However, although the problem was brought to their attention last April, the Guardian insisted that the problem with the WhatsApp backdoor had not been resolved.

The exposure caught immediate attention from privacy campaigners who were more than displeased with it, expressing their concerns not only about regular users, but businesses as well. Dr. Jamie Graves, CEO at ZoneFox, who agreed that businesses indeed should be concerned, added: “In today’s world, many work related topics–often highly sensitive and at the highest levels are shared on the platform.”  When the number of employees who used WhatsApp at their workplaces, running the application on company devices, potentially putting valuable company data at risk of being exposed, was disclosed, tension rose.

The danger grows even more since WhatsApp is used as a shadow IT application, run by staff members, yet technically not vetted by the organization. Jason Allaway, who works at RES, explains the situation, saying it is understandable why the app is popular among the staff as a quick way to get in touch with co-workers. But, it should be kept in mind that any vital information, related to the organization is of great interest, and should not be shared through the app to avoid potential leakage.

How Long Will Your Private Data Stay Private?

In 2016, security experts criticized the proposal of the UK government to apply backdoor into law numerous times. Regardless, the government still plans on persuading such services as WhatsApp, Apple iMessage, Blackberry BBM to grant approval of allowing enforcement agencies access their data. On the contrary, a WhatsApp spokesperson emphasized that WhatsApp would not plea with the government request for a backdoor.

In one of its statements, the Guardian proclaimed that WhatsApp’s design, thanks to which users do not lose their messages, was intentional. Moreover, they claimed it was, in fact, a “backdoor” that would allow decrypting user messages if forced by governments. Those accusations, however, were denied.

As for the design, the spokesperson reassured there was no hidden intention behind its choice, other than to prevent users from losing their data, providing a technical white paper published on this topic. He also added that WhatsApp did have special notifications to warn about any security risks, and that the service had been open about any government related requests, publishing all the information in the Government Requests Report on their Facebook page.

How Can You Protect Your Sensitive Data?

Data privacy has always been at the heart of Akruto. We believe that the more data you have offline, the more of it you have protected. The only way to secure information in 2017 is to stop storing it where you don’t have complete control over it.

If you rely on Outlook in managing your digital life and want to keep your data safe, we highly recommend you try AkrutoSync. With this software you can easily synchronize Outlook with any Android smartphone or tablet, as well as with any iOS device.