An Israeli surveillance firm claims it can break the encryption behind the popular messaging app WhatsApp.
Wintego claims it can compromise the data transmitted in encrypted conversations contained in WhatsApp through a program called CatchApp. According to brochures handed out at a recent policing event, CatchApp uses a man-in-the-middle attack to intercept traffic in between the sender and the recipient.
This capability to compromise WhatsApp’s encryption is supposedly contained in WINT, a hacking device small enough to be stored inside a backpack. WINT is touted as being able to compromise all user data by obtaining login credentials.
Google Allo another encrypted app that could be unsafe
WhatsApp would not be the first encrypted messenger to run into security difficulties. Faced with increasing market demand for privacy, Google recently released its own encrypted messaging app, Allo. However, according to famed NSA whistleblower Edward Snowden, Allo is so insecure that it might as well be called “Google Surveillance.” This leads to doubt in the security of apps run by internet mega corporations such as Allo’s Google or WhatsApp’s Facebook.
The risk of data loss through hacks is on the rise as large companies are often helpless to protect data. Yahoo recently experienced a severe hack where a staggering 500 million user accounts were compromised. Apple’s iOS 10 release reduces devices’ resilience to hacking attempts, making a brute force attack 2,500 times more likely to succeed.
As encryption develops, so do the forces trying to compromise it
Faced with increasing challenge from hackers, privacy advocates are engaged in an arms race to make sure encryption is up to speed. A variety of tools are in development that promise the next generation of privacy, making Tor’s security look insecure by comparison.
In the meantime, however, government forces are doing all they can to stop the spread of encryption. France and Germany are pushing the EU to adopt regulation requiring that all secure messaging apps allow backdoors for law enforcement use, effectively banning end-to-end encryption. In the US the FBI has announced similar plans, stating that they are readying a post-election attack on encryption sometime next year.