Your encrypted WhatsApp messages can be read by anyone

Secret WhatsApp backdoor allows snooping on encrypted messages

Ever since WhatsApp announced end-to-end encryption of chats, every WA user thinks that their private chats are safe from snooping but it is not so. There exists a secret security backdoor in WhatsApp encryption that can be used by Facebook and others to intercept and read all encrypted messages.

The top secret WhatsApp backdoor was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. Tobias told the Guardian that “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.” The cryptographer discovered the security backdoor in WhatsApp and said that Facebook and others could potentially intercept and read encrypted messages in the app.

Facebook has refuted Tobias claims and said that no one can intercept WhatsApp messages, not even its own staff. But the facts and the data provided by Tobias proves otherwise. WhatsApp uses end-to-end encryption that generates unique security keys using the Signal protocol, created by Open Whisper Systems. WhatsApp provides offline users with encryption keys and can make the sender re-encrypt messages with new keys and send undelivered messages again. The recipient isn’t notified about the change in encryption, while the sender is made aware only if they previously opted-in to encryption warnings under settings and only after the messages have been re-sent. This small backdoor in the re-encryption method gives anybody who has knowledge including Facebook and WhatsApp full access to user’s message.

The backdoor is limited to WhatsApp and does not effect Signal protocol. Open Whisper Systems’ messaging app, Signal, the app used and recommended by whistleblower Edward Snowden, does not suffer from the same vulnerability. If a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message. However, in the case of WhatsApp, the undelivered message is sent with a new security key and thus give its staff access to them, Facebook or anybody with the knowledge.

Tobias had informed Facebook and WhatsApp about the secret backdoor way back in April 2016. Facebook had told the cryptographer that it was a known issue, describing it as “expected behavior”.

Subscribe to our newsletter

To be updated with all the latest news


  1. How do i get rid of WhatsApp permanently, immediately so i can have my phone, email,messages privacy. That i should have all the time.?

  2. I am going to keep posting everything, everywhere until i have FULL PRIVACY. This is the United states of America. Well we do have rights or do we?


Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post