When WhatsApp turned on end-to-end encryption by default for all its users earlier in the year, it became clear that bad guys and government authorities alike could no longer invade your privacy by spying on you indiscriminately. This put them in trouble in countries like Brazil among others but now it looks like that line of protection may not be unbreakable after all.
An Israeli company is saying they can actually filter out all your WhatsApp chats using a hidden Wi-Fi hacking device in a backpack. The only thing is you have to be close to the backpack at the time. The news of this surfaced in a Forbes article on Thursday where they said an anonymous source sent the documents in and they have published it on their website which you can see using the link provided earlier.
The product works on the most current versions of WhatsApp, noting the brochures were handed out at a policing event this year. They could not offer any proof of that claim, however, and the files may date from before WhatsApp added significantly stronger end-to-end encryption.
Through a feature in their WINT solution Called CatchApp from Israeli company Wintego, breaking WhatsApp’s security is done through something called a man-in-the-middle” (MITM) attack and as the name implies, this means data is intercepted before hitting WhatsApp servers and can be decoded at that point thereby giving whoever is responsible access to otherwise encrypted messages. You see the term end-to-end encryption especially as it relates to WhatsApp means that chats are protected from your mobile device to until it reaches your partner’s device and this process is repeated back and forth. What these guys are simply saying is that while that may be so, they can break that encryption which doesn’t give it that end-to-end feel anymore.
The example here is just WhatsApp and that’s because they have touted this technology, in fact the documents obtained by Forbes say, this Israeli company through this counter technology can obtain “the entire contents of your targets’ email accounts, chat sessions, social network profiles, detailed contact lists, year-by-year calendars, files, photos, web browsing activity, and more.
That said, some security experts doubt this claim. The report actually mentioned an expert who suspects that this could just be a malware out for WhatsApp that is not able to crack open the latest standard of WhatsApp.
In any case, this reminds me of the FBI attempt to break into an iPhone 5C belonging to a deceased suspect to no avail until they hired someone reportedly for millions of dollars to unlock the phone. They succeed but confessed that they could not unlock newer iPhone versions. That said, security is a function of the available threats and as you and I know, these threats evolve daily.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
