It was found in a research that some messages sent through WhatsApp messaging service can be intercepted and read, thanks to a bug.
The bug is known to have come because of the way the application encrypts the messages sent via its service.
Thomas Boelter, a security expert, found that the interception was possible when circumstances called for encryption keys to be reissued, BBC reported.
Mr Boelter told WhatsApp owner Facebook about the issue in April 2016 but it said it was not working on a fix, the report added. In fact, Facebook said that the problem was an expected behaviour.
Articles in The Guardian by privacy campaigners said that bug could be a huge problem to freedom of speech as it could be used by the government or law enforcement agencies to spy on people.
Media reports also suggested that the bug is sort of a “backdoor” intentionally placed in its code to allow the governments to make the firm decrypt messages.
"This claim is false," it said. "WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor."
Coding Glitch?
The problem crops up when the encryption keys used to scramble messages have to be reissued and resent.
Boelter found that, in certain circumstances, attackers can pose as the recipient of a message and force WhatsApp to reissue keys for scrambling information.
Manipulation of this system is possible by attackers.
Zack Whittaker, security editor at ZDNet, said it was a "stupid and big bug" but played down its seriousness.
Whittaker said that the problem could have emerged because of "bad coding or a favour to good user experience".
In its statement, WhatsApp said it had taken a design decision to implement the re-issuing of keys in this way to preserve millions of messages that would otherwise be lost.
(Source: BBC)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)