WhatsApp: The Bad Guys' Secret Weapon
WhatsApp makes use of the Open Whisper Signal communication protocol to secure communications with end-to-end encryption. WhatsApp users rely on that security to freely exchange messages, discuss sensitive things and, with limited success, avoid religious and political oppression in certain countries.WhatsApp: The Bad Guy's Messenger of Choice
WhatsApp is extremely popular, easily being the number one instant messenger in the Western hemisphere. This, combined with its end-to-end encryption, make WhatsApp a popular tool among the criminals. Terrorists, scammers, extortionists and child molesters don't hesitate using WhatsApp to lure their victims, plan and coordinate illegal activities.
London, UK: Westminster Bridge attacker Khalid Masood allegedly sent a WhatsApp message that cannot be accessed by the police because it was encrypted. "We need to make sure that organizations like WhatsApp - and there are plenty of others like that - don't provide a secret place for terrorists to communicate with each other," said British Home Secretary Amber Rudd, trying to urge WhatsApp to provide a backdoor for British intelligence and law enforcement.
Australia government plans to ban end-to-end encryption, going as far as to claim the laws of mathematics no longer apply in Australia. "The only law that applies in Australia is the law of Australia", says Australian Prime Minister Malcolm Turnbull in a move to demand backdoor access to WhatsApp (and other messaging services) encrypted communications.
UAE already blocks WhatsApp voice and video calls as part of their policy on VoIP calls along with Azerbaijan, Belize, China, Iran, Kuwait, Morocco, Oman, Pakistan, Paraguay, and Saudi Arabia. Do these countries have a higher crime rate or a higher threat terrorism, or do they block WhatsApp for political reasons?
One thing the governments need to clearly understand: WhatsApp is not a weapon of mass destruction. It's just a reasonably convenient, reasonably secure tool that, for one reason or another, gained a large user base and became extremely popular with consumers. If a government bans encryption in 'big' messengers, they'll have to ban a range of open-source projects that are well beyond their reach and their jurisdiction. The bad guys will simply move to a different platform, of which there is no lack of. It's the regular Joe and Jane who will be left without protection.WhatsApp Encryption Controversy
The UK and Australia call for banning encryption and forcing manufacturers to include obligatory backdoors into their security systems, arguing that the laws of mathematics don't apply down under. At the same time, the EU proposes quite a different legislation, banning encryption backdoors and making end-to-end security mandatory across most of Europe. Austria proposes a law making it legal for the cops to intercept encrypted messages.
If all those contradicting laws are passed, manufacturers will have a difficult choice to make. They'll have to either provide backdoors and break EU laws; provide no backdoors and break British and Australian laws; or just cease to exist.USA, Germany Can Hack into WhatsApp Users' Phones
The CIA has developed an exploit that targets individual devices and allows experts to control and access everything on a smartphone, including messages. The thing is, the CIA exploit is all about getting malware onto phones. It's not about breaking, exploiting or compromising WhatsApp encrypted Signal communication protocol.
Following a similar path, Germany passes a law making it legal for the police to hack suspects' devices. The state-managed malware would intercept WhatsApp messages prior to encryption.Technical Feasibility of WhatsApp-Spying Malware
Is the use of malware by law enforcement feasible? For some devices, absolutely, this could be technically possible. However, installing malware onto any iOS device could be troublesome from the technical standpoint. Even if installed, malware running on an iPhone would have very limited access to device user's activities.
We at ElcomSoft don't believe in malware for the purpose of WhatsApp extraction. We don't believe in hacking the Signal protocol either. And most definitely we don't believe in network-level blocking of WhatsApp or any other secure messenger.
On the other hand, we fully support the effort the law enforcement puts investigating crime. We have tools for breaking encryption for a lot of different formats. We have a tool for breaking into WhatsApp as well. More information is available at https://www.elcomsoft.com/exwa.html
Did we say iPhones are secure, and WhatsApp even more so? Something new is coming from ElcomSoft to extract and decrypt iPhone users' WhatsApp communications. It's just around the corner. Stay tuned.
About the Author
Due to its point-to-point encryption, WhatsApp became a popular tool among the criminals.