Experts warn about the possibility of bypassing encryption to track users.
In March, the WhatsApp security team reported a serious threat to messenger users. Despite strong encryption, users are still vulnerable to government surveillance. An internal document obtained by The Intercept claims that the content of the correspondence of 2 billion users remains protected , but government agencies can bypass encryption to determine who is communicating with each other, find out the composition of private groups and, possibly, even the location of users.
The vulnerability is related to traffic analysis, a network monitoring method based on monitoring Internet traffic on a national scale. The document indicates that WhatsApp is not the only service affected by this threat. According to an internal assessment, the company Meta, which owns WhatsApp, is recommended to take additional security measures to protect a small but vulnerable part of users. These measures may include stronger traffic encryption, metadata masking, and other ways to counteract traffic analysis at the national level.
Amid the ongoing armed conflict in the Gaza Strip, the vulnerability alert has raised serious concerns among some Meta employees. WhatsApp employees expressed concerns that the vulnerability could potentially be used by Israeli intelligence agencies to spy on Palestinians as part of their operational programs in the Gaza Strip, where digital surveillance plays a role in identifying targets. Four employees, who requested anonymity, told The Intercept that such concerns occurred internally. However, it is important to note that no concrete evidence of abuse of the vulnerability was presented at that time.
Meta spokesperson Christina LoNigro said that WhatsApp has no vulnerabilities and the document reflects only a theoretical possibility, not unique to WhatsApp.
The document shows how government agents can use access to Internet infrastructure to monitor encrypted communications, which allows them to draw conclusions about who is communicating with whom. It's like watching a postman carry a sealed envelope. Traffic analysis allows governments to identify individuals participating in conversations, even if the content remains hidden. Metadata, such as who communicates when and where, is of great value to intelligence and military agencies around the world.
The WhatsApp document does not provide specific examples of state actors using this method, but it does refer to reports from the New York Times and Amnesty International showing how countries monitor the use of encrypted messaging apps.
As war becomes increasingly computerized, metadata — information about who, when, and where is negotiating-has become of great value to intelligence, military, and police agencies around the world. "We kill people based on metadata," Michael Hayden, the former head of the National Security Agency, once infamously joked.
It wasn't until the April publication exposing Israel's data-driven approach to war that WhatsApp's threat assessment became a point of tension within Meta.
A joint report by +972 Magazine and Local Call last month revealed that the Israeli army is using a software system called Lavender to automatically authorize the killing of Palestinians in the Gaza Strip. Using a vast array of data on 2.3 million residents of the Gaza Strip, Lavender algorithmically assigns "almost every Gazan a rating from 1 to 100, expressing the probability that they are a militant," the report said, citing six Israeli intelligence agencies. "A person who is found to have several different compromising qualities will achieve a high rating and thus automatically become a potential target for murder."
Concerned that the vulnerability in the company's product could be used to spy on and harm civilians in the conflict zone, some Meta employees organized an internal campaign called "Metamates for Ceasefire"("Meta colleagues - for a cease-fire").
The group published an open letter signed by more than 80 employees who provided their names. One of the requirements of the letter is "stop censorship, stop deleting employee statements inside the company" on this topic.
Successful traffic analysis attacks require all WhatsApp group chat participants or both sides of the conversation to be on the same network and country. While users in countries with proper privacy laws may be considered less vulnerable, the use of such methods of surveillance of telecommunications is noted even in the United States. In the Gaza Strip, the situation is particularly worrisome, as Internet access is controlled by Israeli government agencies, which makes Palestinian users extremely vulnerable to such attacks.
WhatsApp is considering introducing an enhanced security mode for vulnerable users, similar to Apple's "Lockdown Mode". However, this can have the opposite effect, singling out such users and making them even more vulnerable to surveillance.
An internal WhatsApp document makes it clear that a coordinated effort across the company is needed to protect users from traffic analysis.
In March, the WhatsApp security team reported a serious threat to messenger users. Despite strong encryption, users are still vulnerable to government surveillance. An internal document obtained by The Intercept claims that the content of the correspondence of 2 billion users remains protected , but government agencies can bypass encryption to determine who is communicating with each other, find out the composition of private groups and, possibly, even the location of users.
The vulnerability is related to traffic analysis, a network monitoring method based on monitoring Internet traffic on a national scale. The document indicates that WhatsApp is not the only service affected by this threat. According to an internal assessment, the company Meta, which owns WhatsApp, is recommended to take additional security measures to protect a small but vulnerable part of users. These measures may include stronger traffic encryption, metadata masking, and other ways to counteract traffic analysis at the national level.
Amid the ongoing armed conflict in the Gaza Strip, the vulnerability alert has raised serious concerns among some Meta employees. WhatsApp employees expressed concerns that the vulnerability could potentially be used by Israeli intelligence agencies to spy on Palestinians as part of their operational programs in the Gaza Strip, where digital surveillance plays a role in identifying targets. Four employees, who requested anonymity, told The Intercept that such concerns occurred internally. However, it is important to note that no concrete evidence of abuse of the vulnerability was presented at that time.
Meta spokesperson Christina LoNigro said that WhatsApp has no vulnerabilities and the document reflects only a theoretical possibility, not unique to WhatsApp.
The document shows how government agents can use access to Internet infrastructure to monitor encrypted communications, which allows them to draw conclusions about who is communicating with whom. It's like watching a postman carry a sealed envelope. Traffic analysis allows governments to identify individuals participating in conversations, even if the content remains hidden. Metadata, such as who communicates when and where, is of great value to intelligence and military agencies around the world.
The WhatsApp document does not provide specific examples of state actors using this method, but it does refer to reports from the New York Times and Amnesty International showing how countries monitor the use of encrypted messaging apps.
As war becomes increasingly computerized, metadata — information about who, when, and where is negotiating-has become of great value to intelligence, military, and police agencies around the world. "We kill people based on metadata," Michael Hayden, the former head of the National Security Agency, once infamously joked.
It wasn't until the April publication exposing Israel's data-driven approach to war that WhatsApp's threat assessment became a point of tension within Meta.
A joint report by +972 Magazine and Local Call last month revealed that the Israeli army is using a software system called Lavender to automatically authorize the killing of Palestinians in the Gaza Strip. Using a vast array of data on 2.3 million residents of the Gaza Strip, Lavender algorithmically assigns "almost every Gazan a rating from 1 to 100, expressing the probability that they are a militant," the report said, citing six Israeli intelligence agencies. "A person who is found to have several different compromising qualities will achieve a high rating and thus automatically become a potential target for murder."
Concerned that the vulnerability in the company's product could be used to spy on and harm civilians in the conflict zone, some Meta employees organized an internal campaign called "Metamates for Ceasefire"("Meta colleagues - for a cease-fire").
The group published an open letter signed by more than 80 employees who provided their names. One of the requirements of the letter is "stop censorship, stop deleting employee statements inside the company" on this topic.
Successful traffic analysis attacks require all WhatsApp group chat participants or both sides of the conversation to be on the same network and country. While users in countries with proper privacy laws may be considered less vulnerable, the use of such methods of surveillance of telecommunications is noted even in the United States. In the Gaza Strip, the situation is particularly worrisome, as Internet access is controlled by Israeli government agencies, which makes Palestinian users extremely vulnerable to such attacks.
WhatsApp is considering introducing an enhanced security mode for vulnerable users, similar to Apple's "Lockdown Mode". However, this can have the opposite effect, singling out such users and making them even more vulnerable to surveillance.
An internal WhatsApp document makes it clear that a coordinated effort across the company is needed to protect users from traffic analysis.
