Newspaper article The Christian Science Monitor

Yes, Your Encrypted WhatsApp Messages Are Still Secret

Article excerpt

If you've recently seen headlines or tweets claiming that hackers can get around WhatsApp's encryption, don't believe the hype.

Last week, the London cybersecurity firm Positive Technologies boasted that it had discovered a vulnerability in a fundamental part of the mobile communications infrastructure that rendered WhatsApp encryption useless.

Later, however, the company admitted it may have overstated the scope of the problem. Yes, they say criminals may be able to take over your WhatsApp or Telegram account by exploiting flaws in the Signaling System No. 7 (SS7) network that routes calls and text messages around the world.

"It wouldn't render the encryption ineffective, but it would still expose the user to be impersonated, and continue to be impersonated," said Alex Mathews, a spokesman for Positive Technologies. "The whole reason to come out with this angle is to change the way they are working," referring to WhatsApp and Telegram security settings that he claims don't put enough of an onus on users to verify their identity.

But experts don't think that just any hacker can break into your WhatsApp account. They'd need access to SS7 - typically controlled by phone carriers and national operators - specialized software, the user's cellphone number, and the subscriber identity.

What can be exploited, according to Mr. Mathews' team, are security protocols in SS7 that could allow hackers to steal verification codes to register fraudulent accounts. In fact, using a Linux-enabled laptop loaded with SS7 access and specialized software, Positive Technologies said it could impersonate WhatsApp and Telegram users.

The Positive Technologies report followed a widely publicized segment on SS7 vulnerabilities on "60 Minutes," adding to the hype about flaws in the mobile backbone. On an April episode of the CBS News program, German security researcher Karsten Nohl exploited SS7 - which transfers mobile traffic from cellphone towers to the Internet - to snoop on an iPhone belonging to Rep. Ted Lieu (D) of California, reading calls, e-mails, and text messages.

"This can be done either by a telecom operator or by third parties that manage to co-opt or infiltrate a telecom provider," said Markus Ra, a Telegram spokesman. …
