Last year WhatsApp introduced a new feature called end-to-end encryption, which made messages unreadable to anyone trying to hack your data and readable only to the person receiving them. But a shocking report has been published by The Guardian (a British news service). It revealed that, because of the way WhatsApp has implemented end-to-end encryption, the company can read the messages.
Facebook (which owns WhatsApp) claims that no one can read the encrypted messages, not even its staff and employees. But new research shows that the company can easily read the so-called encrypted messages because of how end-to-end encryption is implemented.
WhatsApp's end-to-end encryption uses unique security keys that are exchanged between the users chatting so that their messages remain secure and encrypted. But the company has the ability to generate new encryption keys for offline users without telling the sender or the receiver. The service then re-encrypts the messages that the sender had sent but that had not yet been delivered, and during this WhatsApp can intercept and read the messages and their contents without the users' knowledge. The sender can enable an option to be notified, but the recipient will never know when WhatsApp intercepted.
This flaw can lead to many things, and WhatsApp could also give our information to the government and secret agencies. Some call it “a gold mine for security agencies”. WhatsApp uses the Signal protocol developed by Open Whisper Systems. Open Whisper Systems' messaging app is recommended by Edward Snowden, and this flaw is not found in that app (Signal): if a recipient changes the key while offline, the message will not be delivered, the sender will be notified about the change in security keys, and the message will not be resent automatically.
The problem lies entirely in WhatsApp's implementation, which automatically resends undelivered messages with a new encryption key without letting the sender know or giving them the choice to prevent the message from being sent again automatically.
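The difference between the two behaviours described above, as an added sketch that is not WhatsApp's or Signal's code. The class, the policy names and the key strings are hypothetical, and "encryption" is modelled only as tagging each message with the key it was sealed under.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Toy sending client (hypothetical). policy is 'block' (the behaviour the
    article attributes to Signal) or 'auto_resend' (attributed to WhatsApp)."""
    policy: str
    notify_on_key_change: bool = False            # optional sender-side setting
    known_key: str = ""
    pending: list = field(default_factory=list)   # sent but not yet delivered
    wire: list = field(default_factory=list)      # (key, plaintext) put on the wire
    notices: list = field(default_factory=list)   # what the sending user is shown

    def send(self, text):
        self.pending.append(text)
        self.wire.append((self.known_key, text))

    def on_key_change(self, new_key):
        """Server reports a new recipient key while messages are still pending."""
        if self.policy == "block":
            # Hold undelivered messages; nothing is sealed under the new key
            # until the user has seen the warning and chosen to resend.
            self.notices.append(
                f"recipient key changed; {len(self.pending)} message(s) held")
            return []
        # auto_resend: re-encrypt under whatever key the server supplied.
        self.known_key = new_key
        resent = [(new_key, m) for m in self.pending]
        self.wire.extend(resent)
        if self.notify_on_key_change:
            self.notices.append("recipient key changed (messages already resent)")
        return resent

def readable_with(key, wire):
    """Plaintexts that whoever holds `key` can recover from the wire."""
    return [m for k, m in wire if k == key]

def simulate(policy, notify=False):
    s = Sender(policy=policy, notify_on_key_change=notify, known_key="K_recipient")
    s.send("meet at 6")                 # constructed sample message
    s.on_key_change("K_unverified")     # constructed: key the recipient never made
    return readable_with("K_unverified", s.wire), s.notices

if __name__ == "__main__":
    for policy, notify in (("block", False), ("auto_resend", False), ("auto_resend", True)):
        print(policy, notify, simulate(policy, notify))
```

With `auto_resend` the pending message becomes readable under the unverified key whether or not the notification setting is on; the setting only changes whether the sender learns about it afterwards.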
This loophole was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. Boelter informed Facebook about it in April 2016, but the company said that it knew about the issue, called it “expected behavior”, and is not working to fix it.