WhatsApp Backdoor!


Not too surprisingly, given that WhatsApp is owned by Facebook, a report published today proves that a backdoor has been incorporated into the software, permitting a third party to change encryption keys for offline users. See here:

and here:


These headlines are a little clickbait-ey.

Presumably to allow users who have reinstalled WhatsApp or who moved to a new device, WhatsApp silently permits changing the keys for an offline user and rerouting messages to another device. This helps make sure users receive their messages, but it can also be exploited for individual messages. In other words, it sounds like another example of a routine security vs. ease-of-use tradeoff.

This is a real problem, but is it a backdoor? I don't think so.

Edit: Related post from Moxie.


Thanks for posting that clarification. I searched for more info on that report before posting it and I found nothing at the time. I do wonder, though, how often users change devices or re-install the app.


Semi-frequently. If a contact's key changes, it's always best practice to verify fingerprints (or "safety numbers") for the new key, to make sure that you're talking to the person you think you're talking with.

As @mshelton already pointed out, it's pretty shoddy of the Guardian to describe this as a "backdoor."


A growing number of security engineers, researchers, and cryptographers are also signing onto an open letter asking the Guardian to retract its story.


Thanks for the clarifying article, the comment from Moxie and the explanations from Martin and Ethan. I'm still a Signal partisan, just because of the Facebook-WhatsApp corporate connection.


Ethan, Martin or anybody else, can you please explain this? Since WhatsApp delivers the message to its intended recipient even if the key changes, how can it be decrypted if the key changed?


My understanding is:

1.) Alice's phone falls into a river.

2.) Bob sends an encrypted message to Alice, which is not delivered, since the WhatsApp server can see that her phone is offline. The server waits for her phone to come back online, so that it can deliver the message.

3.) Alice buys a new phone (she keeps her old phone number), installs WhatsApp, registers the app with her phone number, and generates a new long-term identity key pair.

4.) The WhatsApp server sees that a new device has been registered to Alice's phone number.

5.) The WhatsApp server tells Bob's phone that Alice has a new long-term identity key pair.

6.) Bob's phone re-encrypts and re-transmits only the undelivered messages, which are delivered to Alice's new phone.

So, an attacker who can spoof Alice's phone number can read messages that were waiting to be delivered at the time when the attacker spoofs her phone number. There would only be undelivered messages on the server if Alice's phone is offline for some period of time, just prior to the attack.

This is not particularly useful for an attacker, as other, more qualified people have already pointed out.

You also may want to read this analysis by Frederic Jacobs, who co-authored the first release of Signal's iOS client:



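The flow in steps 1-6 as an added Python model (not code from WhatsApp, Signal or anyone in this thread). Identity keys and encryption are modelled as opaque tokens, where a message is readable only by the key it was made for; the "silent" policy is the re-encrypt-and-resend behaviour described above, and the "block" policy is the verify-first behaviour recommended earlier in the thread. run() returns how many queued messages the newly registered device can read and how many Bob held back; the phone number and message texts are constructed.

```python
import secrets

def new_identity_key() -> bytes:
    return secrets.token_bytes(32)  # stand-in for a long-term identity key (public half only)

class Server:
    def __init__(self):
        self.keys = {}   # phone number -> currently registered identity key
        self.queue = {}  # phone number -> [(sender, key the message was made for, text)]
    def register(self, number, key):
        old = self.keys.get(number)  # a (re)install registers a key; True if it changed
        self.keys[number] = key
        return old is not None and old != key
    def submit(self, sender, number, to_key, text):
        self.queue.setdefault(number, []).append((sender, to_key, text))
    def deliver(self, number, device_key):
        # a device can only read ciphertexts that were made for the key it holds
        return [m for m in self.queue.get(number, []) if m[1] == device_key]

class Client:
    def __init__(self, policy):
        self.policy = policy  # "silent": re-encrypt to the new key; "block": hold until verified
        self.contacts = {}    # number -> pinned identity key (trust on first use)
        self.held = []        # messages waiting for the user to verify the changed key
    def send(self, server, number, text):
        server.submit("bob", number, self.contacts[number], text)
    def on_key_change(self, server, number, new_key):
        """Steps 5-6: the server reports a new key; decide what happens to queued messages."""
        old_key = self.contacts[number]
        queued = server.queue.get(number, [])
        pending = [m for m in queued if m[1] == old_key]
        server.queue[number] = [m for m in queued if m[1] != old_key]
        if self.policy == "silent":
            self.contacts[number] = new_key
            for sender, _, text in pending:
                server.submit(sender, number, new_key, text)  # re-encrypt and retransmit
        else:
            self.held.extend(pending)  # user must compare safety numbers first

def run(policy):
    # walks steps 1-6; returns (messages readable by the new device, messages Bob holds back)
    server, alice_key = Server(), new_identity_key()
    server.register("+15550001", alice_key)          # Alice's original phone (constructed number)
    bob = Client(policy)
    bob.contacts["+15550001"] = alice_key
    bob.send(server, "+15550001", "where are you?")  # step 2: Alice offline, message queued
    bob.send(server, "+15550001", "call me")
    new_key = new_identity_key()                     # step 3: a new device registers a new key
    if server.register("+15550001", new_key):        # step 4: server sees the key change
        bob.on_key_change(server, "+15550001", new_key)
    return len(server.deliver("+15550001", new_key)), len(bob.held)
```

Under "silent", whichever device registered the new key can read every message that was queued while Alice was offline, which is exactly the exposure described after step 6; under "block", nothing is re-sent until the new key has been verified.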

Thanks for the link and for the explanation.

Here's what Bruce Schneier reports:
This is followed by a long, interesting (and sometimes opaque) thread. Many comments suggest that an NSL to Facebook could be the key vulnerability.

Here's a nice summary of the good and bad points of each method:

Thanks again,


A comment from Julia Angwin excerpted from a ProPublica article:
**Please note that WhatsApp has said it will share users’ address books with its parent company, Facebook, unless they opted out of the latest privacy update.**

**Of course, people who receive your messages can still screenshot and share them without your permission. On Signal you can make it slightly harder for them by setting your messages to disappear after a certain amount of time. In WhatsApp, you can turn off cloud backups of your chats, but you can’t be sure if others have done the same.**