The problem was found back in April 2016 by Tobias Boelter, a security researcher at the University of California, Berkeley, who swiftly communicated his discovery to WhatsApp. The problem lay there until today, when it went public. What’s the problem? A backdoor found in WhatsApp, considered a pretty secure instant messaging app – until today, at least.
WhatsApp’s encryption method is the same one used by Signal, another instant messaging app, deemed secure enough to be used even by Edward Snowden. In any chat, users generate an encryption key that WhatsApp verifies directly on the phone: without those keys, messages won’t be decrypted. Due to a bad implementation of the Signal encryption key, WhatsApp can generate new encryption keys without users knowing it, even when they’re offline.
It’s unclear whether this backdoor is “a feature” or a simple bug. It’s very clear that this vulnerability is now in the wild: any government can force Facebook (which owns WhatsApp) to reveal users’ messages. We’re waiting for further details.
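The key-change problem described above comes down to what a client does when the key offered for a contact differs from the one it saw before. The following is an added example, not code from this article, WhatsApp or Signal: a trust-on-first-use key store that either accepts a changed key silently or holds the message and alerts the user. All names (`KeyStore`, `may_send`, `approve`) and the sample keys are constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """Short digest of a public key that two users can compare out of band."""
    return hashlib.sha256(public_key).hexdigest()[:16]

class KeyStore:
    """Trust-on-first-use store: pins the first key seen for each contact."""

    def __init__(self, block_on_change: bool):
        self.block_on_change = block_on_change
        self.pinned = {}   # contact -> pinned fingerprint
        self.alerts = []   # key changes surfaced to the user

    def may_send(self, contact: str, offered_key: bytes) -> bool:
        """Decide whether to encrypt to the key the server offers for contact."""
        fp = fingerprint(offered_key)
        known = self.pinned.get(contact)
        if known is None:                    # first contact: pin the key
            self.pinned[contact] = fp
            return True
        if hmac.compare_digest(known, fp):   # same key as before
            return True
        if not self.block_on_change:         # silent policy: re-pin, no notice
            self.pinned[contact] = fp
            return True
        self.alerts.append((contact, known, fp))
        return False                         # hold the message until verified

    def approve(self, contact: str, verified_key: bytes) -> None:
        """User compared fingerprints out of band and accepts the new key."""
        self.pinned[contact] = fingerprint(verified_key)

# Constructed sample keys (placeholder bytes, not real key material).
OLD_KEY = b"\x01" * 32
NEW_KEY = b"\x02" * 32

def run(block_on_change: bool):
    """Return (first send allowed, send after key change allowed, alert count)."""
    store = KeyStore(block_on_change)
    first = store.may_send("alice", OLD_KEY)
    after_change = store.may_send("alice", NEW_KEY)
    return first, after_change, len(store.alerts)

if __name__ == "__main__":
    print("silent policy:  ", run(False))
    print("blocking policy:", run(True))
```

With the silent policy the changed key is accepted and the user never learns of it; with the blocking policy the message is held until the user verifies the new fingerprint and calls `approve`.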