WhatsApp Vulnerability Opens Door to Government Monitoring
The Intercept uncovered one of the worst WhatsApp security issues, as it allows governments to monitor its citizens.
- Through “traffic analysis,” authorities can discern who users communicate with, their private group memberships, and possibly their locations.
- Meta employees fear that state actors, potentially including Israel, might exploit this vulnerability, raising fears of targeted surveillance.
Meta has failed to disclose a vulnerability in its WhatsApp that allows governments to monitor user activities, reports The Intercept.
Back in March, WhatsApp engineers warned their higher-ups that there was a vulnerability in the app that could potentially allow governments to keep track of user activity. The messages remain encrypted, stopping them from reading the contents. This is one of the worst WhatsApp security issues, second only to Lavender AI.
However, through their access to the internet infrastructure, the authorities can conduct a ‘traffic analysis,’ during which they surveil internet traffic on a large scale. According to the previously unreported threat assessment obtained by The Intercept, by bypassing the encryption in this way, authorities can discern three key pieces of information about you: who you are talking to, which private group chats you are a member of, and where you are.
The document does note that several messaging platforms have it as well. But the security team urged the company to act. They wrote, “Our at-risk users need robust and viable protections against traffic analysis.”
This report is no longer in some executives’ desk drawer, rotting away, because several Meta employees were concerned. They feared that certain state actors were already exploiting this WhatsApp security issue.
Four employees told the news outlet that they think that Israel is already exploiting this susceptibility to monitor Palestinians and determine who they will target next.
Meta spokesperson Christa LoNigro dismissed the issue, stating that “WhatsApp has no backdoors” and lacks evidence of vulnerabilities. She went on to emphasize that the issue is “theoretical” and not exclusive to WhatsApp. However, when asked if the company looked into the four employees’ claims regarding Israel’s actions, LoNigro remained silent.
There are a dozen reports out there detailing how certain states monitor their citizens, whether they like it or not, to keep them in check. Russia does it. So does China. And since October 7th, reports of Israel’s tactics have been coming up, from GPS disruption to sophisticated drones and everything in between. They even have Lavender, a specialized AI that calculates the next target.
The internal assessment explains just how important metadata is to intelligence agencies across the globe. For them, a message is not just about the letters and numbers in it. By analyzing who is communicating with whom, these agencies can map out social networks and suspicious activity. In 2014, when explaining the National Security Agency’s (NSA) actions, its former head, General Michael Hayden, admitted, “We kill people based on metadata.”
Even if Israel is not using this WhatsApp security issue yet, it’s there. Its mere existence makes it not “theoretical”. Meta has fought tooth and nail to convince people that their data is safe in the company’s hands. However, they were so dismissive of security assessment reports that their employees felt the need to blow the whistle. That begs the question of what other security issues are there in WhatsApp’s closet.
What other vulnerabilities has the security team reported just for the executives to wave a dismissing hand at? Vulnerabilities that could lay us bare at the feet of those who crave control and dominion.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.