A new, and potentially disturbing report, claims the instant messaging service WhatsApp has an intentionally deployed backdoor. The backdoor severely undermines the promise of “End-to-End Encryption” which made WhatsApp very popular.
WhatsApp allegedly has a backdoor that casually breaks down the End-to-End Encryption in order to grant contract workers access to snippets of user content. These contract workers access pieces of users’ content through special Facebook software. The report adds that only content tagged as “Reported by users” is sent for scrutiny by a human.
Has Facebook created or deployed a software backdoor within WhatsApp that undermines End-to-End Encryption?
WhatsApp was one of the first internet-based chat platforms for smartphones. The insanely popular instant messaging platform works on iOS iPhone as well as Android devices.
The platform is quite standard, and even its competitors such as Telegram, Signal, and many others had similar features. However, what sets WhatsApp a class apart is the End-to-End Encryption.
— Jesse Eisinger (@eisingerj) September 7, 2021
The feature promises to scramble or encrypt information while it is in transit. Simply put, no third-party agency or person can read or understand the intercepted data.
A new report, however, claims Facebook, the owner of WhatsApp, has intentionally embedded a software backdoor. This deliberate security compromise allegedly allows certain individuals access to unscramble user chats and messages.
How Facebook undermines privacy protections for its 2 billion WhatsApp users https://t.co/IQCBVRWdO2
— jackie callahan (@crutchfoot) September 7, 2021
The report adds a confidential whistleblower complaint filed last year with the U.S. Securities and Exchange Commission that had already exposed the presence of the software backdoor. The complaint details WhatsApp’s extensive use of outside contractors, artificial intelligence systems, and account information to examine user messages, images, and videos.
Only “Reported” chats are visible in unscrambled format?
As per the potentially explosive report, over 1,000 contract workers in Austin, Texas, Dublin, and Singapore go through “millions of pieces of users’ content.” The workers can access these messages only through special Facebook software.
The report clearly implies humans can go through private messages, photos, and videos. But it adds that only those messages that users “Report” as improper are sent to humans for verification. Strangely, Facebook’s AI system reportedly follows human access.
Irish Regulator Fines WhatsApp $266 Million for Breaching EU Privacy Regulations https://t.co/YHow9EZYnw #infosec #infosecurity #cybersecurity #threatintel #threatintelligence #hacking #cybernews #cyberattack #cloudsecurity #cloudcomputing #malware #ransomware
— CyberIQs (@CyberIQs_) September 7, 2021
A WhatsApp spokesperson has reportedly issued a statement, which reads:
“Every day WhatsApp protects over 100 billion messages with end-to-end encryption to help people communicate safely. We’ve built our service in a manner that limits the data we collect while providing us the ability to prevent spam, investigate threats, and ban those engaged in the worst kind of abuse. We value our trust and safety team who work tirelessly to provide over two billion users with the ability to communicate privately.”
— Tech Talk (@TechTalkWeb) September 7, 2021
This statement seems to contradict the explosive claims made in the report. As WhatsApp has maintained that it uses end-to-end encryption, no “moderators” should be able to see the contents of any messages. By its very nature, end-to-end encryption ensures only the sender and the recipient have the ability to decrypt messages.
"In public statements and on the company’s websites, Facebook Inc. is noticeably vague about WhatsApp’s monitoring process."
You can say that again.
The EDPB's Binding Decision reminded me just how opaque and confusing WhatsApp's public-facing privacy information can be. https://t.co/isUn93hfsD
— Robert Bateman (@RobertJBateman) September 7, 2021
Incidentally, WhatsApp chats and messages are already available in unencrypted form. The platform encrypts, transports, and decrypts the chat between users.
However, all backups, presumably on Google Drive, are currently in unencrypted format. Facebook did indicate that WhatsApp chat and messaging backups too will be encrypted.