"Police will be hacking WhatsApp" sounds much flashier than "they're developing for malware". There is no cracking of encrypted messages going on. This is about creating and distributing targeted malware to install on (unsuspecting) suspects' devices in order to capture decrypted messages on the end device.
This is about creating and distributing malware to install on suspects' devices in order bypass most encryption implementations
What should be most disturbing is the expected use case.
It's expected to be used in run of the mill cases. When you start doing something like this at scale automating it at scale comes soon after.
I don't think anyone wants to live in a world where the police have a gui button labeled "install on all suspects" and some software to infer messages of interest based on a case number.
Think about all the stuff they did to identify the guys who bombed the Boston marathon. All of that can (and it looks like it will) soon be automated.
Now imagine that it's applied to common crime. Imagine being picked up off the street and interrogated because you unknowingly frequented a convenience store that had a drug trafficking operation going on behind the scenes and an automated system identified you (and 50 other people).
Would you like to live in a world where you can't talk about buying fireworks for the 4th because you know if you do you'll get "randomly" pulled over every time you drive back across state lines in the month of June
We're rapidly marching toward a world where that sort of stuff is possible at scale.
According to this article, they way they bypass WhatsApp's end-to-end encryption is by gaining access to the host device itself, and then recording everything that's on the screen.
So this would mean switching to something like Signal (which is in principle more secure) shouldn't help.
I'm quite skeptical that they can do this in a general case - Perhaps exploiting some zero days on some Android/iOS versions? I don't expect Google and Apple to sit around and let this happen for too long though.
title is misleading because it's not like Germany broke the encryption. But this has nothing to do with rt, a lot of news outlets reported it in this way. And in the article rt is is pretty clear what it is about: The law makes it legal for the police to install trojans on a phone to gather evidence.
swerner|8 years ago
"Police will be hacking WhatsApp" sounds much flashier than "they're developing for malware". There is no cracking of encrypted messages going on. This is about creating and distributing targeted malware to install on (unsuspecting) suspects' devices in order to capture decrypted messages on the end device.
unknown|8 years ago
[deleted]
nthcolumn|8 years ago
dsfyu404ed|8 years ago
This is about creating and distributing malware to install on suspects' devices in order bypass most encryption implementations
What should be most disturbing is the expected use case.
It's expected to be used in run of the mill cases. When you start doing something like this at scale automating it at scale comes soon after.
I don't think anyone wants to live in a world where the police have a gui button labeled "install on all suspects" and some software to infer messages of interest based on a case number.
Think about all the stuff they did to identify the guys who bombed the Boston marathon. All of that can (and it looks like it will) soon be automated.
Now imagine that it's applied to common crime. Imagine being picked up off the street and interrogated because you unknowingly frequented a convenience store that had a drug trafficking operation going on behind the scenes and an automated system identified you (and 50 other people).
Would you like to live in a world where you can't talk about buying fireworks for the 4th because you know if you do you'll get "randomly" pulled over every time you drive back across state lines in the month of June
We're rapidly marching toward a world where that sort of stuff is possible at scale.
kitchi|8 years ago
So this would mean switching to something like Signal (which is in principle more secure) shouldn't help.
I'm quite skeptical that they can do this in a general case - Perhaps exploiting some zero days on some Android/iOS versions? I don't expect Google and Apple to sit around and let this happen for too long though.
thor1299|8 years ago
LiveOverflow|8 years ago
pawelkomarnicki|8 years ago
moomin|8 years ago
thinbeige|8 years ago
d0mme|8 years ago