Mounting pressure on the Guardian newspaper, a group of 30 security researchers has co-signed an open letter asking the paper to retract its story, which claimed that encrypted messages on WhatsApp can be intercepted because the mobile messaging service contains a ‘backdoor’.
“Unfortunately, your story was the equivalent of putting ‘Vaccines Kill People’ in a blaring headline over a poorly contextualised piece,” TechCrunch quoted Zeynep Tufekci, an academic who organised the open letter, as saying.
The letter refutes the Guardian’s assertions, saying they are “very concretely endangering people”.
“My alarm is from observing what’s actually been happening since the publication of this story and years of experience in these areas. You never should have reported on such a crucial issue without interviewing a wide range of experts,” Tufekci added.
The Guardian recently reported that a security vulnerability had been found in Facebook’s WhatsApp messaging service that could allow Facebook and others to intercept and read encrypted messages.
The security issue was detected by Tobias Boelter, a cryptography and security researcher.
“We are aware of Zeynep Tufekci’s open letter and have offered her the chance to write a response for the Guardian. This offer remains open and we continue to welcome debate,” the Guardian told TechCrunch in a reply.
The co-signatories of the letter include cryptographer Bruce Schneier, The Tor Project’s Isis Lovecruft, security researcher Thaddeus T ‘Grugq’, Mozilla’s Katherine McKinley, the Open Crypto Audit Project’s Kenneth White, and security researcher and author Jonathan Zdziarski.
Arguing that the intercept vulnerability in how WhatsApp handles key retransmission was a small and unlikely threat, the letter said: “WhatsApp’s behaviour around key exchange for unread when phone or SIM cards are changed is an acceptable trade-off if the priority is message reliability.”
WhatsApp has denied the reports that encrypted messages on its platform can be read or intercepted, saying the behaviour is a design decision relating to message delivery, under which new keys are generated for offline users to ensure messages do not get lost in transit.
WhatsApp said that it does not give governments a ‘backdoor’ into its systems and would fight any government request to create one.