SoylentNews is people
SoylentNews
Forbes staff reporter Thomas Fox-Brewster has an article (mirror here for those who won't turn off their ad blockers) reporting that Haifa-based spy tech company Wintego allegedly has the capability to break WhatsApp's encryption. From the article:
An Israeli company is marketing what appears to be an astonishing surveillance capability, claiming it can siphon off all WhatsApp chats, including encrypted communications, from phones within close proximity of a hidden Wi-Fi hacking device in a backpack.
Brochures leaked to FORBES, and published below, revealed a non-public offering from Haifa-based Wintego called CatchApp. It promises an "unprecedented capability" to break through WhatsApp encryption and grab everything from a target's account. It does so through a "man-in-the-middle" (MITM) attack; in theory the traffic is intercepted between the app and the WhatsApp server and somehow the encryption is decoded by the device, though that may not be possible with the latest upgrades to the software's cryptography.
According to the anonymous source who handed FORBES the documents, the product works on the most current versions of WhatsApp, noting the brochures were handed out at a policing event this year. They could not offer any proof of that claim, however, and the files may date from before WhatsApp added significantly stronger end-to-end encryption.
(Score: 3, Interesting) by PizzaRollPlinkett on Thursday October 06 2016, @02:32PM
Besides, what's this "allegedly" stuff, anyway? They either broke the encryption or they did not. There is no middle ground. If it's broken, they can prove that by releasing the source code or techniques that broke it. So, it won't be right unless they can prove their claims. BTW, I broke SSL yesterday and have been reading every financial transaction on the Internet, and I also broke into all the nuclear reactors on the planet, and after lunch I broke all disk encryption on all operating systems. I had a busy day. But I'm not going to tell you what I did or how I did it.
(E-mail me if you want a pizza roll!)
(Score: 2) by opinionated_science on Thursday October 06 2016, @02:41PM
agreed. Sounds like it could be a sales pitch - especially since Whatsapp uses the Signal code... Though, if it's windows surely this is redundant? - it's likely M$ baked in backdoors to meet the $NSL printer spool......
Not saying it *cant* be cracked, but extraordinary claims....
As a penguinista , I'm still waiting for the CPU microcode exploit that get's us all....
(Score: 0) by Anonymous Coward on Thursday October 06 2016, @05:27PM
BTW, I broke SSL yesterday and have been reading every financial transaction on the Internet, and I also broke into all the nuclear reactors on the planet, and after lunch I broke all disk encryption on all operating systems.
Can I get some cash or plutonium instead of a pizza roll? I'll settle for unlimited cloud storage capability for alls my torrentz!
(Score: 1) by toph on Thursday October 06 2016, @05:46PM
If you really did brake SSL yesterday and have been reading every financial transaction on the Internet, then the last thing you'd want to do is tell people about it. You'd instead take every and all advantage of your capability to become filthy rich.
(Score: 2) by PizzaRollPlinkett on Thursday October 06 2016, @07:34PM
I've got a lot of what it takes to get along after last night. After draining Bill Gates' bank accounts, I quit. I don't want to get greedy.
(E-mail me if you want a pizza roll!)
(Score: 0) by Anonymous Coward on Thursday October 06 2016, @06:39PM
BTW, I broke SSL yesterday and have been reading every financial transaction on the Internet
Cool. Where are Trump's tax returns, then?
(Score: 1, Insightful) by Anonymous Coward on Thursday October 06 2016, @07:15PM
> If it's broken, they can prove that by releasing the source code or techniques that broke it.
If they released it, they would cease to be able to monetize it. They presumably want money, not fame; they're a corporation, not an actor.
(Score: 2, Insightful) by Anonymous Coward on Thursday October 06 2016, @08:27PM
My take is it could be a government trying to discourage use of something they can't break. What better way to get someone to look for other options than cast doubt on something that is secure.
The terrorists have been using whatsapp and certain 3 letter agencies might have a desire to get them to try something else. If it works....bravo!
(Score: 2) by stormwyrm on Friday October 07 2016, @12:17AM
They are only under obligation to prove their claims to their customers, not to the world. Doing that would be like the Allies announcing to the Germans that they've cracked Enigma. They're not Whatsapp's competitors or white hat security researchers (they are obviously black hats: that they do this work at the behest of governments and law enforcements is not relevant) and would rather people continue using a platform they have the ability allow their customers to exploit. Hence their efforts to keep this capability secret, but they still have to tell their prospective customers, apparently this was a leak at a "policing event" (this sounds like a law enforcement trade show). The knowledge that you have the ability to break a cryptosystem is frequently far more valuable than any intelligence you can get from breaking it.
As I have said if this is real they are most likely exploiting platform vulnerabilities, or alternatively might have found a 0-day in the current version of Whatsapp itself. If that counts as breaking the encryption, then they've broken the encryption. If this isn't real then it might perhaps be a ploy to get people to stop using it in favour of some other system that they can break.
Numquam ponenda est pluralitas sine necessitate.