WhatsApp Vulnerability Allows Governments to Track User Correspondence

In March, the WhatsApp security team reported a serious threat to the messenger's users. Despite strong encryption, users remain vulnerable to government surveillance. An internal document obtained by The Intercept states that the content of the correspondence of 2 billion users remains protected, but government agencies can bypass encryption to determine who communicates with whom, find out the membership of private groups and, possibly, even the location of users.

The vulnerability stems from traffic analysis, a network-monitoring method based on observing Internet traffic on a national scale. The document indicates that WhatsApp is not the only service subject to such a threat. According to the internal assessment, Meta, which owns WhatsApp, is advised to take additional security measures to protect a small but vulnerable portion of users. These measures may include more robust traffic encryption, metadata masking and other methods of countering traffic analysis at the national level.

Against the backdrop of the ongoing armed conflict in the Gaza Strip, the warning about the vulnerability caused serious concern among some Meta employees. WhatsApp employees expressed fears that this vulnerability could potentially be used by Israeli intelligence services to surveil Palestinians as part of their operational programs in the Gaza Strip, where digital surveillance plays a role in selecting targets. Four employees, who asked to remain anonymous, told The Intercept that such fears existed within the company. It is important to note that no specific evidence of abuse of the vulnerability was presented at that time.

Meta representative Christina LoNigro said that WhatsApp has no vulnerabilities and that the document reflects only a theoretical possibility that is not unique to WhatsApp.

The document shows how government agents can use access to Internet infrastructure to observe encrypted communications, which allows them to draw conclusions about who communicates with whom. This is similar to watching a postman carry a sealed envelope. Traffic analysis allows governments to identify the individuals participating in conversations, even if the content remains hidden. Metadata, such as who communicates, when and where, has great value for intelligence and military agencies around the world.

The WhatsApp document does not give specific examples of using this method by state actors, but refers to
