From Wikispooks
Jump to navigation Jump to search

Group.png WhatsApp  
(Big tech, Corporation)Rdf-entity.pngRdf-icon.png
Parent organizationFacebook
Messaging service owned by Facebook, and about just as untrustable.

WhatsApp Messenger is a freeware, cross-platform messaging and Voice over IP (VoIP) service owned by Facebook.[1] It allows the sending of text messages and voice calls, as well as video calls, images and other media, documents, and user location.[2][3] The WhatsApp client application runs on mobile devices but is also accessible from desktop computers while the mobile device is connected to the Internet. The service requires[4] users to provide a standard cellular mobile number. Originally, users could communicate only with others individually or in groups of individuals, but in September 2017, WhatsApp announced a forthcoming business platform to enable companies to provide customer service to users at scale.[5]

The client application was created by WhatsApp Inc. of Mountain View, California, which was acquired by Facebook in February 2014 for approximately US$19.3 billion.[6] By February 2018, WhatsApp had over one and a half billion users,[7] making it the most popular messaging application at the time.[8] It has grown in multiple countries, including Brazil, India, and large parts of Europe, including the United Kingdom and France.[9]

End-to-end encryption

On November 18, 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the encryption protocol used in Signal into each WhatsApp client platform.[10] Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for Android, and that support for other clients, group/media messages, and key verification would be coming soon after.[11] WhatsApp confirmed the partnership to reporters, but there was no announcement or documentation about the encryption feature on the official website, and further requests for comment were declined.[12] In April 2015, German magazine Heise Security used ARP spoofing to confirm that the protocol had been implemented for Android-to-Android messages, and that WhatsApp messages from or to iPhones running iOS were still not end-to-end encrypted. They expressed the concern that regular WhatsApp users still could not tell the difference between end-to-end encrypted messages and regular messages.[13] On 5 April 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys.[14] Users were also given the option to enable a trust on first use mechanism in order to be notified if a correspondent's key changes.[15] According to a White Paper that was released along with the announcement, WhatsApp messages are encrypted with the Signal Protocol.[16] WhatsApp calls are encrypted with Secure Real-time Transport Protocol (SRTP), and all client-server communications are "layered within a separate encrypted channel". The Signal Protocol library used by WhatsApp is open-source and published under the GPLv3 licence.[17]

Cade Metz, writing in Wired magazine, said:

"WhatsApp, more than any company before it, has taken encryption to the masses."


On 14 May 2019, the BBC reported that hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in WhatsApp, which said the attack targeted a "select number" of users, and was orchestrated by "an advanced cyber actor". WhatsApp believes the attack was developed by Israeli security firm NSO Group for which a fix is available and has urged all of its 1.5 billion users to update their apps as an added precaution.

WhatsApp promotes itself as a "secure" communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient's device. However, the surveillance software would have let an attacker read the messages on the target's device.

"Journalists, lawyers, activists and human rights defenders" are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.


Amnesty International - which said it had been targeted by tools created by the NSO Group in the past - said this attack was one human rights groups had long feared was possible.

"They're able to infect your phone without you actually taking an action," said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

"There needs to be some accountability for this, it can't just continue to be a wild west, secretive industry."

On Tuesday 14 May, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel's Ministry of Defence to revoke the NSO Group's licence to export its products.[18]


Related Quotation

Backdoor“Every year, we learn about some issue in WhatsApp that puts everything on their users' devices at risk. Which means it's almost certain that a new security flaw already exists there. Such issues are hardly incidental – they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added”Pavel Durov5 October 2022
Many thanks to our Patrons who cover ~2/3 of our hosting bill. Please join them if you can.


Wikipedia.png This page imported content from Wikipedia on 14 May 2019.
Wikipedia is not affiliated with Wikispooks.   Original page source here