When WhatsApp turned on end-to-end encryption by default for all its users earlier in the year, it became clear that bad guys and government authorities alike could no longer invade your privacy by spying on you indiscriminately. This put them in trouble in countries like Brazil among others but now it looks like that line of protection may not be unbreakable after all.
An Israeli company is saying they can actually filter out all your WhatsApp chats using a hidden Wi-Fi hacking device in a backpack. The only thing is you have to be close to the backpack at the time. The news of this surfaced in a Forbes article on Thursday where they said an anonymous source sent the documents in and they have published it on their website which you can see using the link provided earlier.
The product works on the most current versions of WhatsApp, noting the brochures were handed out at a policing event this year. They could not offer any proof of that claim, however, and the files may date from before WhatsApp added significantly stronger end-to-end encryption.
Through a feature in their WINT solution Called CatchApp from Israeli company Wintego, breaking WhatsApp’s security is done through something called a man-in-the-middle” (MITM) attack and as the name implies, this means data is intercepted before hitting WhatsApp servers and can be decoded at that point thereby giving whoever is responsible access to otherwise encrypted messages. You see the term end-to-end encryption especially as it relates to WhatsApp means that chats are protected from your mobile device to until it reaches your partner’s device and this process is repeated back and forth. What these guys are simply saying is that while that may be so, they can break that encryption which doesn’t give it that end-to-end feel anymore.
The example here is just WhatsApp and that’s because they have touted this technology, in fact the documents obtained by Forbes say, this Israeli company through this counter technology can obtain “the entire contents of your targets’ email accounts, chat sessions, social network profiles, detailed contact lists, year-by-year calendars, files, photos, web browsing activity, and more.
That said, some security experts doubt this claim. The report actually mentioned an expert who suspects that this could just be a malware out for WhatsApp that is not able to crack open the latest standard of WhatsApp.
In any case, this reminds me of the FBI attempt to break into an iPhone 5C belonging to a deceased suspect to no avail until they hired someone reportedly for millions of dollars to unlock the phone. They succeed but confessed that they could not unlock newer iPhone versions. That said, security is a function of the available threats and as you and I know, these threats evolve daily.