Accusations are flying that the popular instant messaging service WhatsApp may have very basic vulnerabilities when sent via WiFi.
A security researcher said he has found an encryption flaw that makes it possible for adversaries to decrypt communications sent with WhatsApp, a cross-platform smartphone app that processes as many as 27 billion instant messages each day.
WhatsApp developers say messages are “fully encrypted,” and company CEO Jan Koum told Ars that Tuesday’s vulnerability report is “sensationalized and overblown.” But a computer science student at Utrecht University in the Netherlands—and several cryptographers who have reviewed his work—said the app appears to contain long-documented weaknesses, including the use of the same encryption key on both sides of a conversation. As a result, they said, it’s not hard for cryptographers to decrypt WhatsApp messages that travel over Wi-Fi networks or other channels that can be monitored.
