The Guardian found itself in hot water after publishing a purportedly explosive story, claiming that WhatsApp has a backdoor that can compromise the security of its users. A group of security experts has already branded the story false, going as far as calling for its retraction.

WhatsApp's Expected Behavior Controversy

In a Jan. 13 piece, The Guardian's Manisha Ganguly wrote that research conducted by privacy campaigners revealed that a feature in WhatsApp has a security vulnerability that could enable Facebook or the government to intercept and read encrypted messages.

The report has been dubbed a bombshell because WhatsApp has been considered one of the gold standards for secure instant messaging due to its end-to-end encryption feature. Ganguly dutifully pointed this out to underscore the purported exploit of the app's Signal protocol.

According to the report, WhatsApp can generate new encryption keys for offline users and the process can take place without the knowledge of its users. This is said to enable WhatsApp to read sent and received messages and even share data with others when compelled.

The flaw was reportedly spotted by Tobias Boelter, a security researcher at the University of California Berkeley.

Misinterpreted Encrypted Messaging Feature

The consensus from critics is that the article misinterpreted the so-called vulnerability. The reason is that it is actually a feature called "expected behavior" that aims to increase reliability for WhatsApp users who have different priorities.

WhatsApp explained that this feature is a design decision that is intended to minimize the risk of losing messages in transit in certain conditions such as when users change phones or SIM cards.

Zeynep Tufekci, an academic and one of the most vocal critics, particularly noted how Ganguly's report based its scathing critique on a comparison of how WhatsApp and Signal, another secure messaging app, handle encrypted messages.

Tufekci pointed out that the expected behavior makes WhatsApp more reliable than Signal, which immediately blocks a message at any sign of a hiccup. She is backed by the world's top cryptographers, who signed an open letter decrying the contents of The Guardian's report.

In a Mashable report, Tufekci also referred to Boelter as a well-meaning graduate student whose inexperience and desire to discover an issue in one of the world's popular apps led him to overstate his claims.

Endangering Lives

Due to the backlash, The Guardian was forced to amend its article, removing the backdoor label and recognizing that the app does not give governments a backdoor to the WhatsApp system.

Tufekci has not been mollified. On her Twitter account, she called on The Guardian to retract the story, saying that it has placed lives at risk. According to her, The Guardian's story has sent many of the app's users scrambling for other alternatives, which could turn out to be less secure, endangering their lives in the process.

Secure messaging apps like WhatsApp are often used by individuals in repressive states.
