After introducing "end-to-end encryption by default" last year, WhatsApp has become the world's largest secure messaging platform with over a billion users worldwide.
But if you think your conversations are completely secure in a way that no one, not even Facebook, the company that owned WhatsApp, can intercept your messages then you are highly mistaken, just like most of us and it's not a new concept.
Let's Understand the With A Simple Scenario:
Suppose user A and B want to chat, and for which WhatsApp has automatically exchanged their public keys through its server.
Now every message sent from user A will get encrypted using the private key of A and the public key of B, which can be decrypted by user B only, using the public key of A and the private key of B.
Suppose: User B is offline, and user A has sent some messages to user B. But meanwhile, for some reason, the user B had to change the device and reconfigured same Whatsapp account on it. A fresh installation will force user B to re-generate new public and private keys pair for the same account.
And, later, whenever user B will come online again, the device will receive rest of the undelivered messages sent by A.
But How user B can decrypt messages, which were supposed to be encrypted using the old public key of B ?
That's because, when user B comes online again, Whatsapp automatically exchange new keys b/w users without informing them and to successfully deliver same messages, WhatsApp of A will re-encrypt them using the newly received public key of B.
This is where the all get wrong.
If a hacker (suppose user C) intentionally replace the public key of B with its own, all undelivered messages will get automatically re-encrypted and delivered to C, which can only be decrypted by private key of user C (hacker).
source : The Geek App By Alien Skills
No comments:
Post a Comment