Open Whisper Systems defends Whatsapp against 'backdoor' claims
Now, a report by The Guardian cites a security researcher claiming that its implementation is open to being backdoored or hijacked by government agencies. Whatsapp, and the people who helped design the implementation for its secure messaging, state this isn't the case, and instead, reflects a user experience design decision that isn't putting users at risk.
Whatsapp's secure messaging was implemented with help from Open Whisper Systems -- makers of the secure messaging app Signal -- and on its blog, the company explains how things work. Based on its Signal Protocol (also used for encrypted messaging in Google's Allo), each client is identified by a public key that's shared with other people, and a private key on the device. Because people change phones, or uninstall and reinstall apps, the pair of keys can change. Users can ensure their communication is secure by checking the security code displayed on each end, if it matches, then they can be sure their messages aren't subject to a man-in-the-middle (MITM) attack by a third party.
A number of security professionals have chimed in to agree, including Frederic Jacobs, who helped design the protocol being used. For users, the most responsible thing to do seems to be to turn on notifications, and check your security codes regularly.
No comments: