WhatsApp's lack of encryption is the kind that the "NSA would love"

Facebook may have just purchased WhatsApp for $16 billion, but it looks like the encryption used by the company is lacking, big time.

| Feb 22, 2014 at 10:27 pm CST

While Facebook might be acquiring WhatsApp for a hefty $16 billion, it looks like the messaging application company might not be too good with encrypting its messages. With over 450 million active users, this becomes quite the user base for government spies, hackers, and more.

WhatsApp's lack of encryption is the kind that the NSA would love | TweakTown.com

WhatsApp's use of secure sockets layer (SSL) encryption is meant to support version 2 of the protocol, which is capable of being hacked into, and monitored by a third-party. The messages being flown back and forth between WhatsApp users can even be manipulated. WhatsApp has failed to use a technique known as certificate pinning, which is designed to block attacks using forged certificates to bypass Web encryption.

Pinning allows an app to work only when communicating with a server using a specific certificate, and because this certificate is hardwired into the app, it will simply reject connections with any other attempts of a false certificate. Security consultancy firm Praetorian, has chimed in, with Paul Jauregui writing: "This is the kind of stuff the NSA would love. It basically allows them-or an attacker-to man-in-the-middle the connection and then downgrade the encryption so they can break it and sniff the traffic. These security issues put WhatsApp user information and communications at risk".

Last updated: Jun 16, 2020 at 04:29 pm CDT

NEWS SOURCE:arstechnica.com

ABOUT THE AUTHOR -

Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering.

Related Tags