The makers of the cross-platform smartphone app WhatsApp faced an allegation of using the same encryption key on both sides of a conversation, making it easy for cryptographers to decrypt WhatsApp messages that travel over the Internet. The accusation has come from a computer science student at Utrecht University in the Netherlands, along with several cryptographers who have reviewed his work. They said that the app appears to contain a long-documented weakness, as it uses the same encryption key on both sides of a conversation. “You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort,” wrote Thijs Alkemade, a computer science and mathematics student at Utrecht, in a blog post on Tuesday.
He also wrote that if users consider their previous WhatsApp conversations compromised, there is nothing a WhatsApp user can do about it except stop using the app until the developers fix the issue. Alkemade posted all these details on his blog, along with some documents on the vulnerable crypto scheme in the Android version of WhatsApp.
WhatsApp is currently one of the most popular mobile apps, used by millions of people across the world who exchange over 27 billion instant messages every day. If the researchers are to be believed, this matter calls into question the privacy of WhatsApp users, as cryptographers can easily decrypt WhatsApp messages that travel over the Internet and other channels that can be monitored. On the other hand, the WhatsApp developers and company CEO Jan Koum believe that this matter is unnecessarily sensationalized and overblown. “WhatsApp takes security matter seriously and is continually thinking of ways to improve our product. We appreciate customer feedback, we are concerned that the blogger’s story describes a scenario that is more theoretical in nature,” says company CEO Koum.
WhatsApp officials downplayed Alkemade’s assessments; however, several other researchers who reviewed the student’s work fully support him. They wrote in a discussion on Twitter that it is an extremely bad flaw that risks the privacy of millions of users, and that an attacker does not need to be in the middle or to have any influence over the messages.
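
Why one key for both directions matters, and how separate per-direction keys avoid it, shown as an added example that is not code from the article, from Alkemade's post or from WhatsApp. It assumes a stream cipher (the article does not name the cipher) and uses a toy SHA-256 keystream as a stand-in; all names, labels and sample messages are constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode); a stand-in, not WhatsApp's cipher.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, msg: bytes) -> bytes:
    # Stream encryption: ciphertext = plaintext XOR keystream(key).
    return xor(msg, keystream(key, len(msg)))

def direction_key(session_key: bytes, label: bytes) -> bytes:
    # Mitigation: derive an independent key for each direction of the session.
    return hmac.new(session_key, label, hashlib.sha256).digest()

def keystream_cancels(key_out: bytes, key_in: bytes,
                      sent: bytes, received: bytes) -> bool:
    # True when XOR of the two ciphertexts equals XOR of the two plaintexts,
    # i.e. a passive observer learns sent XOR received without knowing any key.
    observed = xor(encrypt(key_out, sent), encrypt(key_in, received))
    return observed == xor(sent, received)

# Constructed sample data (hypothetical, for the demonstration only).
SESSION_KEY = b"constructed-session-key-for-demo"
SENT = b"meet at the station at 9"
RECEIVED = b"delivery receipt: ok"

def shared_key_case() -> bool:
    # Same key in both directions: the keystream cancels out.
    return keystream_cancels(SESSION_KEY, SESSION_KEY, SENT, RECEIVED)

def separated_key_case() -> bool:
    # Per-direction keys: the XOR of the ciphertexts no longer reveals anything.
    k_out = direction_key(SESSION_KEY, b"client-to-server")
    k_in = direction_key(SESSION_KEY, b"server-to-client")
    return keystream_cancels(k_out, k_in, SENT, RECEIVED)

if __name__ == "__main__":
    print("shared key leaks plaintext XOR:", shared_key_case())
    print("separated keys leak plaintext XOR:", separated_key_case())
```
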