1
0
9x0rg.com/content/posts/infosec/the-cia-didnt-break-signal-or-whatsapp.md

1.9 KiB
Raw Blame History

title date draft tags author hidemeta ShowReadingTime ShowPostNavLinks showtoc cover
The CIA didn't break Signal App 2017-03-08T10:06:00+06:00 false
encryption
infosec
signal app
whatsapp
data privacy
cia
9x0rg false true true false
image alt caption relative
<image path/url> <alt text> <text> false

The CIA didn't break Signal or WhatsApp... despite what you've heard.

The agency might be able to break into your phone, but files released today show no ability to intercept encrypted chats before they arrive there.

There's been one particularly misleading claim repeated throughout coverage of CIA documents released by WikiLeaks today: that the agencys in-house hackers “bypassed” the encryption used by popular secure-chat software like Signal and WhatsApp.

It doesnt. Instead, it has the ability, in some cases, to take control of entire phones; accessing encrypted chats is simply one of many security implications of this.

Its also true that the CIA can bypass PGP email encryption on your computer. And the CIA can bypass your VPN. And the CIA can see everything youre doing in Tor Browser. All of these things can be inferred by the documents, but that doesnt mean using PGP, VPNs, or Tor Browser isnt safe.

Basically, if the CIA can hack a device and gain full control of it — whether its a smartphone, a laptop, or a TV with a microphone — it can spy on everything that happens on that device.

It of course remains possible (as it always has and always will) that the CIA has cracked the encryption of Signal, WhatsApp, or any other piece of software. But WikiLeaks hasnt provided any evidence of that here today.

-- Sam Biddle & Micah Lee in The Intercept