Facebook, mistress of WhatsApp since 2014, said at the time that no one, absolutely no one, without exception, not the Zuckerberg himself could break the encryption end to end of the message, which means that no person beyond sender and receiver should have access to the content of the conversations. But the site The Guardian has revealed that, willingly or unwillingly, the social media giant Facebook-owned WhatsApp has a back door that was still not allowed to be corrected. This “back door” (a piece of code that, if exploited, could allow access to an intruder) allows WhatsApp itself can read messages from users using a peculiar feature that no one can explain why it is not yet corrected and Zuckerberg has been aware of it since April last year. As published by The Guardian, WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, which are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. Willingly or unwillingly, says Tobias Boelter Security-Expert at the University of California, the social network implemented this encryption so that the encrypted messages sent by the application could be decrypted if the social media giant Facebook wants. “If a government agency asks WhatsApp to facilitate message logs,” says Boelter, “the application can provide this information thanks to changing security passwords.” When Boelter speaks of “change security keys” it refers to what is a security hole that can generate new passwords encryption while a user is offline. Facebook, if you want, can do it without anybody knowing by default: neither the sender nor the receiver will know that there has been a change in the security keys. After all, messages received with the new password it can be decrypted without problems because the password has been generated manually and therefore do not need to break any key. The funny thing is that the Signal protocol incorporates precisely a security function aimed at avoiding this security hole. If a user’s security code changes while offline, the protocol automatically blocks the sending of the message and notifies the other person of the situation. So why WhatsApp has overlooked this feature? The answer is a mystery, but Boelter confirmed that Facebook has already long known about this security hole. For one reason or another, Facebook has simply decided not to fix it. But how can we protect ourselves from this controversy encryption? Simply we have to activate notifications safety codes, so that if at some point the code of our contact changes from one moment to another at least we know that we must take precautions against the possibility that there has been a leak in the conversation. The steps to activate this option are:- 1# First of all we have to open the application WhatsApp. 2# Then go to application settings and then click on “Account.” 3# Then we have to enter “Security.” 4# Now there we have to activate the option named “Show security notifications.”
Δ