The head of Meta owned WhatsApp, Will Cathcart, has come out to publicly state that there is no confirmed evidence of a vulnerability in WhatsApp’s end-to-end encryption (E2EE). WhatsApp uses end-to-end encryption, which has been around since 2016. This means only you and the people you chat with can see your messages.
Claims had surfaced of a WhatsApp E2EE vulnerability that allows government agencies to access and analyse contents of users conversations. The Intercept, in an article, had claimed the E2EE vulnerability currently allows government agencies to identify WhatsApp users’ patterns of interaction, to understand how people connect, groups they are a part of, and even pinpoint user locations.
Further, the article claims that the vulnerability, which allows “traffic analysis”, is currently used by the Israeli government to pick assassination targets in Gaza. The WhatsApp E2EE vulnerability was raised via an internal communiqué in March by its security team. Will Cathcart stated,
“We debate possible or emerging threats internally – sometimes quite energetically – because that’s how we find ways to add even more security to WhatsApp.”
With nearly 3 billion projected users by June 2024, WhatsApp is a crucial platform for global communication. Hence, Security, privacy, and user safety should be top priorities for WhatsApp.
The head of WhatsApp claimed the “article risks a ton of confusion for people who rely on end-to-end encryption”. Cathcart assured users that these discussions are natural, reflecting the evolving internet landscape. He urged them to continue using WhatsApp.
Further, he reminded users of Meta’s commitment to continually ship new security features and improvements. For example, he picked last year’s introduction of call relaying feature to hide user IP addresses between calls.
WhatsApp Encryption Fights
It is worth noting that in the past, WhatsApp has fought off requests for backdoor channels by governments. Last year, when the UK was debating its Online Safety Bill, it requested for a bypass of WhatsApp end-to-end encryption. Meta threated to cease operations in the country. The UK government was forced to shelve the plans.
Early this month, WhatsApp told the Indian government the same thing. India passed a law in 2021 requiring the “traceability” of messages. Fearing a violation of its end-to-end encryption technology, WhatsApp threatened to leave the populace country.
However, concerns have been raised about the potential for traffic analysis on WhatsApp before. In May 2022, The Intercept again claimed it had obtained documents showing a WhatsApp E2EE vulnerability was used to identify communicating parties.