WhatsApp may be the world’s most popular messenger service, offering end-to-end encryption for chats, which is considered safe. However, its biggest weakness has been exposed and hackers can target users from there. WhatsApp chats reportedly have one security loophole that could be exploited by hackers or malicious actors that is yet to be fixed by the company. The WhatsApp feature is related to handling of user’s backups when they are uploaded to the cloud, according to a recent report. And cloud services too are susceptible to hacking, thereby putting WhatsApp at risk.
How WhatsApp security works: WhatsApp allows users to backup their chats to their devices (local backups) as well as to the cloud (Google Drive for Android, iCloud for iPhone), and while the app offers end-to-end encryption for chats, the protection is lost as soon as you upload your chat backups to the cloud. End-to-end encryption is a way of protecting WhatsApp data in such a way that only the intended sender and recipient can see images, calls, messages or any content – not even the service provider can see your message.
How hackers can access WhatsApp users chats: Now, an expert has pointed out to The Mirror that WhatsApp users are at risk of hackers gaining access to all their messages that are uploaded to the cloud, as any malicious actor who is able to access their Google account could see their texts which will not being protected by end-to-end encryption in the cloud.
What WhatsApp is doing to keep users safe: The good news is that WhatsApp seems aware of this issue, as it is reportedly working on encrypting chat backups locally, before they are uploaded to the cloud. The feature was first spotted by WABetaInfo and appeared on the beta testing channel for a brief period of time. Users will have to use a passphrase that will “unlock” their device backups, which will help keep attackers at bay. If WhatsApp users forget their passphrase, they might be able to enter a 64-digit recovery key to unlock the backup.
How to keep WhatsApp chats safe: In the meanwhile, WhatsApp users can stay safe by using disappearing messages, the recently released ‘view once’ feature for text, photos and video messages is live on the app. These features allow users to send and receive ephemeral messages that are not stored on the device or backed up to the cloud, which will reduce the risk of their personal data being stolen if their account is compromised. They should also enable two-factor authentication for both WhatsApp and their Google account where the chat backups are stored.