Despite end-to-end encryption, your WhatsApp and Telegram chats can be spied on

end-to-end-encryptionEven though WhatsApp promises end-to-end encryption on all of its chats, and Telegram offers end-to-end encryption on secret chats, the truth is that messages on these platforms can still be hacked. The reason is because the messaging apps still rely on phone networks that use Signalling System No. 7, better known as SS7.

You might recall that back in April, we told you about SS7 when we passed along a story shown on 60 Minutes about hacking. SS7 is a protocol used to connect carriers around the world and affects all smartphone users regardless of the device they use. While SS7 can't break the encryption employed by the two aforementioned messaging apps, it can be used to fool a wireless operator into helping the hacker open a duplicate WhatsApp and Telegram account in the name of the target.

The first step that a hacker employing SS7 does is trick the target's carrier into believing that his phone number is the same as the target's mobile number. Once that is accomplished, the hacker installs WhatsApp and Telegram on his phone, and uses the target's number to set up new accounts. This will allow them to receive the secret code falsely proving that the hacker is the legitimate user of these accounts. Once all this is accomplished, the ruse is on as the hacker can send and receive messages pretending to be the target.

You can see how this all works by watching the pair of videos below. Most security firms still prefer WhatsApp and Telegram for their end-to-end encryption, which prevents "man-in-the-middle" hacks that redirect messages to a hacker's phone. But obviously, opening a duplicate account can allow hackers to read messages not intended for their prying eyes.

Recommended

Iran blocks encrypted messaging apps amid nationwide protests

For the past six days, citizens have taken to the streets across Iran, protesting government oppression and the rising cost of goods. Video broadcasts from the country have shown increasingly intense clashes between protesters and riot police, with as many as 21 people estimated to have died since the protests began. But a complex fight ...

Hacker finds breach in WhatsApp’s encryption system

A security expert has found a breach in WhatsApp’s supposed ‘end-to-end’ encryption system. On earlier 2016, the Facebook-owned company proudly announced that messages would feature end-to-end encryption, thus giving users the tranquility that their private conversations would remain untouched. Jonathan Zdziarski, a digital forensic specialist and digital security expert, published an article on Thursday with ...

Facebook to add end-to-end encryption to Messenger app

Facebook has started to introduce a setting to its "Messenger" app that provides users with end-to-end encryption, meaning messages can only be read on the device to which they were sent. The encrypted feature is currently only available in a beta form to a small number of users for testing, but it will become available ...

Supreme Court rejects PIL for WhatsApp ban, but encryption debate is just beginning

WhatsApp’s end-to-end encryption might still be a contentious issue, but on Wednesday the Supreme Court refused to allow a PIL seeking a ban on the popular app and similar messenger services. The PIL, filed by Gurugram-based RTI activist Sudhir Yadav, said these apps have complete encryption, which poses a threat to the country’s security. A ...

暂无评论

发表评论

您的电子邮件地址不会被公开,必填项已用*标注。

This site uses Akismet to reduce spam. Learn how your comment data is processed.