Skip to main content

PSA: Signal, WhatsApp, iMessage and others not compromised by CIA hacking tools

Somewhat careless wording by Wikileaks has led to widespread reports than messaging apps that use end-to-end encryption – like Signal, WhatsApp and iMessages – had been compromised by the CIA. There is in fact no evidence that this is the case.

Any suggestion that Signal had been compromised would be particularly worrying as it is a favorite tool of journalists when communicating with sources whose safety could be endangered if it was known they were talking to the press.

The misunderstanding arises because the CIA’s tools would allow it to take control of specific devices, and once a device is compromised, then end-to-end encryption no longer offers any protection. But that’s very different from suggesting that the apps themselves have been compromised.

Indeed, as Edward Snowden and others have observed, the very fact that the CIA needs to attack devices is evidence that it has been unable to intercept communications which employ strong encryption. As the NYT puts it:

If anything in the WikiLeaks revelations is a bombshell, it is just how strong these encrypted apps appear to be. Since it doesn’t have a means of easy mass surveillance of such apps, the C.I.A. seems to have had to turn its attention to the harder and often high-risk task of breaking into individual devices one by one.

So sure, if your device has been compromised, all bets are off. But there is nothing at all to suggest that the CIA has any ability to decode communications from IM apps which use strong encryption. The NYT again:

Neither Signal nor WhatsApp, for example, appears by name in any of the alleged C.I.A. files in the cache. (Using automated tools to search the whole database, as security researchers subsequently did, turned up no hits.) More important, the hacking methods described in the documents do not, in fact, include the ability to bypass such encrypted apps.

Both Apple and Google have stated that ‘many’ of the exploits revealed have already been patched, and that they are working swiftly to fix others – a task made easier by the announcement that Wikileaks will share with tech companies the full details of the hacks.


FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear