If you have recently used WhatsApp chances are you would have encountered the following message: “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.” Tapping on the notification further explains that this means that “WhatsApp and third parties can’t read or listen” to any WhatsApp chats and calls and also adds an option for users to verify if a message came from someone they know — and not from a hacker posing as a friend.
WhatsApp co-founder Jan Koum announced the update on his Facebook page, stating that the company has been working on the feature for the last two years.
“We’ve been working for the past two years to give people better security over their conversations on WhatsApp… People deserve security. It makes it possible for us to connect with our loved ones. It gives us the confidence to speak our minds. It allows us to communicate sensitive information with colleagues, friends, and others. We’re glad to do our part in keeping people’s information out of the hands of hackers and cyber-criminals.” Koum wrote.
Clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.Calls, large file attachments are end-to-end encrypted as well. Note the ever-changing message key can mean a delay in some messages getting delivered.
It should be noted that feature is enabled by default in WhatsApp, which means that if you and your friends are on the latest version of the app, all chats will be end-to-end encrypted. Unlike say Telegram where users have to start a secret chat to enable the feature, WhatsApp has the feature on at all times. Users don’t have the option of switching off end-to-end encryption.