Well-known cryptographer Moxie Marlinspike has slammed the Guardian for publishing what he described as a "false" report claiming that the end-to-end encryption used by WhatsApp has a backdoor.
Marlinspike was moved to comment because WhatsApp uses the Signal Protocol developed by his company, Open Whisper Systems, that created the secure Signal messaging app.
Like every other secure messaging app, WhatsApp relies on private and public keys to encrypt a message to a user. When a new device is used or when the app is reinstalled, new keys are generated. The user will be notified of such changes if he/she has changed the settings accordingly.
Any messages that have been backed up for sending while a phone is offline will be sent once it comes back online.
{loadposition sam08}In its report, the Guardian claimed that when a change like this took place, the re-encryption and rebroadcasting allowed WhatsApp to intercept and read messages.
But Marlinspike pointed out that "the WhatsApp clients have been carefully designed so that the WhatsApp server has no knowledge of whether users have enabled the change notifications, or whether users have verified safety numbers. WhatsApp could try to 'man in the middle' a conversation, just like with any encrypted communication system, but they would risk getting caught by users who verify keys".
He said in normal circumstances, when communicating with someone who had changed devices or reinstalled WhatsApp, it might be possible to send a message before the sending client discovered that the receiving client has new keys.
"The recipient's device immediately responds, and asks the sender to re-encrypt the message with the recipient's new identity key pair. The sender displays the 'safety number has changed' notification, re-encrypts the message, and delivers it," Marlinspike said.
He added that the WhatsApp clients had been carefully designed so that they would not re-encrypt messages that had already been delivered.
"Once the sending client displays a 'double check mark', it can no longer be asked to re-send that message. This prevents anyone who compromises the server from being able to selectively target previously delivered messages for re-encryption.
"The fact that WhatsApp handles key changes is not a 'backdoor', it is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system," Marlinspike said.
He pointed out that while the Guardian had put very little effort into verifying its technical claims, adding "even though we are the creators of the encryption protocol supposedly 'backdoored' by WhatsApp, we were not asked for comment".
"Instead, most of the quotes in the story are from policy and advocacy organisations who seem to have been asked 'WhatsApp put a backdoor in their encryption, do you think that's bad?'"
This does not mean that WhatsApp user data is not shared with its owner Facebook, with the social media announcing last year that this would be the case.