Psst! Consider all your previous WhatsApp conversations compromised

Thijs Alkemade is a computer science and mathematics student who says he has taken time to poke into how WhatsApp encrypts messages. He has published his findings in a highly technical blog post. It is a lot of Greek to the average person, so I won’t rehash all the technical stuff here. I am not that technical myself, so I have no idea how everything that he states there pans out. However, he has advice that is worded in plain English:

You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this except to stop using it until the developers can update it.

The more technically inclined can go through the entire post: Piercing Through WhatsApp’s Encryption. Apparently, in response to this, CrackBerry reached out to Andrew Bocking, an official at rival platform BBM, who had this to say:

I can’t really speak to all of the technical aspects of the WhatsApp system. However people can rest assured that BBM remains a trusted private social network. Where other services may be vulnerable to unwanted snooping or eavesdropping, BBM increasingly uses standard TLS deployment to remove that vulnerability from our service. TLS is a well-known, well-studied protocol. To put it in everyday context, this is the same technology used for internet banking.

Should you be alarmed that your previous WhatsApp messages are compromised? It depends. If all you have been doing is keeping in touch with your pals and exchanging harmless banter, I would say no. However, if you have been planning world domination... Okay, that’s extreme. Let’s back up a bit. If you have been sharing user login details to vital accounts and things like that, well... there you go.


  1. More points on the board for BBM. Hope they cash in on this hole and justify their continued existence.

  2. For most people using WhatsApp, this security alarm isn’t for them. Most people use WhatsApp for keeping in touch as you noted and the few people that may be passing sensitive data through the system had better look for alternative means of communication.

    This is certainly going to be a dent on their security system but probably corporate bodies using it will have to worry. I will simply consider WhatsApp security in the same light as Facebook even though I believe WhatsApp is a lot better security-wise. That’s to say, very sensitive data shouldn’t go through WhatsApp just like Facebook.

  3. Security of data (as well as personal security) is a mirage in the information world.

    We hear of security breaches so regularly and persistently that it is now boring stuff.

    You have email accounts compromised. How are we sure all those cloud services are not sniffing through our data? Can Google be trusted regarding what else they do with our emails, apart from using it to target ads?

    What of Twitter, Facebook, etc?

    While we need to take reasonable precautions, short of abandoning all electronic channels of communication, our privacy is something we must (predominantly) be ready to kiss goodbye.

    Any great tool has the ingredients of great abuse.

    Such is this case of ICT.

  4. @eye_bee_kay.

    We are talking of I.M not social media. You just don’t want to accept that BBM is the safest I.M around, it’s so safe that countries have to FORCE BlackBerry to grant them access to it, remember the India, Saudi Arabia etc. incidents? At least other countries are immune to spies and hacks on BBM UNLESS the country of destination wants access.

  5. // We are talking of I.M not social media.//

    So IM is not social media?
    Communication is communication is…

    We are talking of communication, and how it compromises our security.

    Let’s widen our view, somewhat.

    If you BB can be forced or coerced by governments to grant access, same scenario. loss of privacy.

    If Boko Haram bombs you to death or Syria asphyxiates you with poison gas, death is death.

    You catch the drift?

  6. “If you BB can be forced or coerced by governments to grant access, same scenario. loss of privacy.”

    To my knowledge that hasn’t happened before, those places BlackBerry had to pack out and stop their services simply because the government asked for access to their encryption, and they couldn’t compromise. BBM is pretty much secure, it’s probably only rivalled by iMessage.

