Facebook’s company, which is widely known worldwide as the most accessible app for messaging and talking (video and audio), is WhatsApp. About which it is claimed that its talk is end-to-end encrypted. Despite this, messages sent through this service leak regularly. This proves the company’s claim that the company uses an impenetrable security cover to keep the conversations of its 200 million users private. This also makes it clear that there is such a backdoor or a hack method, with the help of which anyone other than the sender and receiver of the message can infiltrate it. What is that method, why do you need to know?
What is encryption?
WhatsApp has always ensured its users that the photos, videos, messages, documents, and calls sent using its services are completely secure. The question of them falling into the wrong hands does not arise, as they use end-to-end encryption to protect it.
WhatsApp has defined end-to-end in its white paper, saying that end-to-end encryption is the communication between the device of the sender and the device of the receiver. This means that no third party (other people) whether it is WhatsApp or its company Facebook, no one can interfere between the two.
According to WhatsApp, the Signal encryption protocol is used for the flow of the conversation. Which can be considered as a safety lock. Whose key is only with the sender and receiver of the message? The special thing is that this encryption is turned on automatically, there is no need to set any settings to activate it or adopt any method like secret chat to keep your messages secure. This method of signal encryption is a cryptographic protocol developed by Open Whisper Systems in 2013.
Although WhatsApp makes one thing clear about it that the device with the sender and the device with the receiver of the message remain under their control while sending the message comes under end-to-end encryption, but if the recipient of the message is at his end. If it uses a vendor to manage the encryption, it cannot be classified as end-to-end encryption.
How conversations leak
It is also possible by cloning the phone
Recently, in the case of Riya Chakraborty and Aryan Khan, Indian law enforcement officers were able to access their conversations with each other through their phones. The leak here was in fact investigators handing over their phones, after which investigators were able to retrieve deleted conversations on their phones and see them. But there is also a technical back door through which private WhatsApp conversations can be accessed. This can be done by cloning the phone, as the name suggests, in this medium, by creating an exact copy of any phone, that is, by cloning it, all the content present in that phone can be copied.
Then spyware can also be secretly inserted (installed) in the phone, through which all the activities related to the said phone can be continuously monitored. Pegasus spyware was developed by an Israeli company that can access WhatsApp conversations.
But the most common way to access WhatsApp conversations is by backing up conversations in the WhatsApp Store in the cloud. WhatsApp itself no longer provides cloud storage and backup of messages with third parties such as Google Drive or iCloud. Storage in the cloud is not encrypted. And if the user’s cloud storage is hacked, the backup of his conversations can be accessed. However, in September Facebook founder Mark Zuckerberg said that another layer of security is being added to WhatsApp that will provide end-to-end encryption to people who choose Google Drive or iCloud as a backup.
Is there any data that can be accessed by WhatsApp?
There is a constant tussle between law enforcement agencies and WhatsApp regarding this issue. While agencies say that it facilitates investigation of cases and crime can be curbed and controlled in time, WhatsApp believes that it will compromise the privacy and security of users.
The report also mentions metadata that WhatsApp collects, and is not subject to encryption. But still, it contains much information related to the user like location, phone number, etc. It also shares such metadata with law enforcement agencies upon request.