Both companies pride themselves on having state-of-the-art encryption systems and assure their users that communication between them is secure and that no man-in-the-middle attack will happen.
Sadly, this was put to the test, and several security companies have disputed these claims after finding loopholes in these encryption systems.
WhatsApp has the
ability to force the generation of new encryption keys for offline users,
unbeknown to the sender and recipient of the messages, and to make the sender
re-encrypt messages with new keys and send them again for any messages that
have not been marked as delivered.
The recipient is not
made aware of this change in encryption, while the sender is only notified if
they have opted-in to encryption warnings in settings, and only after the
messages have been re-sent. This re-encryption and rebroadcasting effectively
allows WhatsApp to intercept and read users' messages.
This loophole was discovered by a security researcher at the University of California. He went on to say that if WhatsApp is asked by the government to surrender its data, this is what it would do.
The vulnerability is
not inherent to the Signal protocol. Open Whisper Systems’ messaging app,
Signal, the app used and recommended by whistleblower Edward Snowden, does not
suffer from the same vulnerability. If a recipient changes the security key
while offline, for instance, a sent message
will fail to be delivered and the
sender will be notified of the change in security keys without automatically
resending the message.
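
The two key-change behaviours described above, as an added sketch that is not taken from WhatsApp or Signal code: a sender-side model in which "encrypting" only records which key a message was encrypted to. The class, function names and key labels are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class SenderClient:
    """Hypothetical sender-side model; 'encrypting' just records the key used."""
    blocking: bool                # True: fail on key change; False: resend automatically
    warnings_on: bool = False     # the opt-in encryption warning setting
    recipient_key: str = "key-A"  # constructed key label
    undelivered: list = field(default_factory=list)
    events: list = field(default_factory=list)

    def send(self, text):
        self.events.append(("encrypt", text, self.recipient_key))
        self.undelivered.append(text)

    def recipient_key_changed(self, new_key):
        """The server reports a new key for a recipient who is offline."""
        if self.blocking:
            # Delivery fails and the sender is told; nothing is resent.
            self.events += [("failed", t, new_key) for t in self.undelivered]
            self.events.append(("notify", "key changed", new_key))
            return
        # Non-blocking: accept the key, re-encrypt and resend first ...
        self.recipient_key = new_key
        self.events += [("encrypt", t, new_key) for t in self.undelivered]
        # ... and warn only afterwards, and only if the user opted in.
        if self.warnings_on:
            self.events.append(("notify", "key changed", new_key))

def keys_encrypted_to(client, text):
    """Every key under which this plaintext left the sender's device."""
    return {k for kind, t, k in client.events if kind == "encrypt" and t == text}

def run(blocking, warnings_on=False):
    c = SenderClient(blocking=blocking, warnings_on=warnings_on)
    c.send("meet at 9")
    c.recipient_key_changed("key-B")  # constructed: a key the sender never verified
    return c

if __name__ == "__main__":
    for label, c in [("non-blocking", run(False, True)), ("blocking", run(True))]:
        print(label, sorted(keys_encrypted_to(c, "meet at 9")), c.events[-1][0])
```

In the non-blocking run the same plaintext ends up encrypted to both the original and the unverified key before any warning is raised; in the blocking run it is only ever encrypted to the original key.
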
Telegram is also reported to suffer from the same flaws.