The encrypted instant messaging platform “WhatsApp” launched an encryption system that it described as “more confidential” for messages that are already “encrypted.”
Business Today reported that the new WhatsApp update will enable users to add a “secret code” to lock a specific chat, making their conversations more private.
Through this feature, a unique password can be added that is different from what a person uses to unlock their phone or even to open the application itself, to provide an additional layer of protection for locked or sensitive conversations.
Mark Zuckerberg, CEO of Meta, called the new feature “Chat Lock,” which prevents anyone from accidentally discovering your most private conversations.
Users can also choose to hide the Locked Chats folder from their chat list, making it discoverable only by entering the secret code in the search bar.
For more flexibility, users can choose to display the Locked Chats folder in their chats list.
They can now long press on a conversation to lock it, eliminating the need to go to chat settings.
This development aims to make it more difficult to access chats for anyone with access to a phone or those who share a device.
The Guardian Report on WhatsApp Encryption
The Guardian report, which describes the vulnerability as a “backdoor”, notes that independent security researcher Tobias Boelter identified the issue in April 2016, when he says he reported it to Facebook, only to be told it was “expected behavior”, and that the company was not actively working on fixing it. The newspaper says it has verified the vulnerability still exists.
Despite being a mainstream messaging app, WhatsApp has gained praise from security experts for implementing the respected end-to-end encryption Signal Protocol across its platform — completing its rollout of end-to-end encryption in April last year. Yet the company’s code remains closed source, which means users have always been required to trust its claims with no ability for external audits of its code (although it’s also worth noting that WhatsApp did work with Open Whisper Systems (OWS), the organization behind the Signal Protocol, to implement the e2e crypto across the platform).
The security issue identified by Boelter, and now reported on by the Guardian following a talk he gave about it at the end of last month, concerns an aspect of WhatsApp’s Signal implementation that allows it to force the generation of new encryption keys for offline users. This is described as a “retransmission vulnerability” by Boelter and claimed as a route for messages to be intercepted and read — and thus as a potential backdoor in WhatsApp’s end-to-end encryption.
However, WhatsApp denies the backdoor characterization, saying it’s a design decision relating to message delivery, with new keys being generated for offline users to ensure messages don’t get lost in transit.
“The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. This claim is false,” said a company spokesperson in a statement sent to TechCrunch.
“WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report,” it added.
Multiple security commentators have also pointed out that the vulnerability being flagged here is nothing new — but rather a rehashing of the long-standing issue of how key verification is implemented within an encrypted system.