Whatsapp end-to-end encryption has been announced earlier this week, Leading almost everyone to believe that their messages are now secure from hackers, governments and the company it self. Where as this claim is as fake as Kim Kardashian’s Booty.
Let’s discuss end-to-end encryption and how it works, according to wikipedia “End-to-end encryption (E2EE) is a system of communication where only the people communicating can read the messages. No eavesdropper can access the cryptographic keys needed to decrypt the conversation, including telecom providers, Internet providers and the company that runs the messaging service. Surveillance and tampering are impossible because no third-parties can decipher the data being communicated or stored. For example, companies that use end-to-end encryption can’t hand over texts of their customers’ messages to the authorities.”
It really Sounds good so far, the encrypted messages can’t be intercept as they’re being encrypted using shared key, between the send and the receiver, but it all clashes down when the same wikipedia article about end-to-end encryption list the challenges that face this process like Man-in-the-middle attack and Endpoint security.
Let’s discuss how End-to-end encryption ensures that data is transferred securely between the sender and the receiver. Before sending messages from one device to another, the sender requests the public key of the receiver. then The algorithm requires the sender to encrypt the data with the the reception’s public key, and then this encrypted data can be decrypted and transformed into normal text using the receiver’s private key.
This process makes decrypting the data impossible unless you have the receiver’s private key .
Therefore even without physical access to the victims devices, Hackers can impersonate a message recipient, during key exchange by substituting their public key for the recipient’s to read the messages. After reading the message, the hackers can once again encrypt this data using the original reception’s public key, to send the messages and avoid detection. Although many protocols and additional measurements can be used to make the hackers job harder, end-to-end encryption is never guaranteed to be full proof.
If in anyway hackers gain access to the victim’s device, they can simply get their private key, and be able to decrypt those messages. Even the most perfectly encrypted platform’s communications are as secure as the user’s devices, and with the rise of new malwares every single day, nobody is safe.
Whatsapp is still able to monitor your messages
Despite the current commercial propaganda, your public and private key are being generated using whatsapp’s algorithm. Which means that Whatsapp is still in control of the security of your messages, they can get your private keys, more over they can provide backdoors for governments and affiliates to spy on you.
“In 2013, information leaked by Edward Snowden showed that Skype had a back door which allowed Microsoft to hand over their users’ messages to the NSA despite the fact that those messages were officially end-to-end encrypted.” source: wikipedia
WhatsApp end-to-end encryption as fake as Kim Kardashian’s booty
Do not take companies promises to keep your data safe seriously, even if Whatsapp means well, this article highlights details on WhatsApp end-to-end encryption that everyone else is afraid to tell you. This article is based on the end-to-end encryption page on wikipedia, and on my modest knowledge in the hacking world. I’ve hacked banks and companies that claimed high security in the past, just to prove a similar point.