A vulnerability in Facebook's WhatsApp, a free-to-use messaging application, has been discovered that could allow entire conversations to be intercepted and read, a researcher has claimed.
According to Tobias Boelter, a cryptography researcher at the University of California, Berkeley, the flaws exist in WhatsApp's implementation of its end-to-end encryption protocol. The bugs mean Mark Zuckerberg's technology firm could - theoretically - have access to confidential conversations.
WhatsApp promises its one billion-strong userbase "security by default" and claims to implement strong encryption measures. On its website, the social media giants state: "[When encrypted] only you and the person you're communicating with can read or listen to [messages], nobody in-between."
Yet Boelter, speaking to The Guardian, has said this may not be accurate. As standard, WhatsApp generates "unique security keys" using Open Whisper Systems' Signal protocol and these keys are then "traded and verified" between users to make sure communications stay safe and secure.
However, Boelter found WhatsApp can "force" the generation of new encryption keys for offline users without informing both the sender and recipient, meaning the people in the conversation would no longer be communicating securely.
The process, which the researcher has dubbed "retransmission", allegedly leaves unread messages open to a form of man-in-the-middle attack. The recipient is not made aware of any change in keys, while the sender is only told if an opt-in check box has been ticked in WhatsApp's settings.
The so-called "backdoor" does not affect the Signal protocol itself. On Open Whisper Systems' own messaging application, called Signal, if any unique keys are tampered with the communication will fail to send and both sender and recipient are informed of the changes.
"If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys." Boelter told the Guardian.
He continued: "...consider that the WhatsApp server can just forward messages without sending the 'message was received by recipient' notification (or the double tick), which users might not notice. Using the retransmission vulnerability, the WhatsApp server can then later get a transcript of the whole conversation, not just a single message."
The researcher first reported the flaw to Facebook back in April last year. He was informed a month later: "We were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing."
The Guardian confirmed that, at the time of writing, the bug was still in existence.
In a statement, a WhatsApp spokesperson said: "As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it's used every day around the world.
"In WhatsApp's implementation of the Signal protocol, we have a "Show Security Notifications" setting (option under Settings > Account > Security) that notifies you when a contact's security code has changed.
"We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and sim cards. In these situations, we want to make sure people's messages are delivered, not lost in transit."
In December 2016, Boelter addressed the Chaos Communication Congress in Germany to discuss his findings. "You might want to call [the flaw] a back-door because it efficiently allows WhatsApp to intercept targeted messages.
"They haven't fixed it," he said, according to a video of his talk posted to YouTube.
News of the so-called backdoor has attracted the ire of numerous privacy and human rights campaigners, who are now warning the bug could be exploited by government agencies to spy on messages without sufficient oversight or accountability.
Jim Killock, executive director of Open Rights Group, told The Guardian: "If companies claim to offer end-to-end encryption, they should come clean if it is found to be compromised – whether through deliberately installed backdoors or security flaws."
Following publication of the report, a number of prominent security experts slammed the findings. "It's ridiculous that this is presented as a backdoor," wrote cryptography expert Frederic Jacobs on Twitter. "If you don't verify keys, authenticity of keys is not guaranteed. Well-known fact."
"I wouldn't call it a backdoor," Sean Sullivan, a security expert at F-Secure told IBTimes UK. "This is a feature implementation that enables a 'smashed window' to grab what's within reach, if anything. At best, only a handful of messages would be at risk before the users are notified the key has changed."
In a statement, a WhatsApp spokesperson said: "The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a 'backdoor' allowing governments to force WhatsApp to decrypt message streams. This claim is false."