WikiLeaks Says the CIA Can “Bypass” Secure Messaging Apps Like Signal. What Does That Mean?
The following is an excerpt from Yael Grauer | March 8, 2017 | Slate.com |
When WikiLeaks released Vault 7, a series of leaks on the CIA hacking, people who use secure messaging apps were alarmed. The press release accompanying the trove of documents stated that the CIA was able to “bypass” the encryption of secure messaging tools–including Signal– “by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
This led some to believe that the CIA broke Signal, compromising their favorite secure messaging app. But a closer look reveals that the situation isn’t as dire as it seems. The CIA does not have a way around the cryptographic elements of the app. “They did not break Signal any more than looking at your phone over your shoulder breaks Signal,” said Nicholas Weaver, a computer security researcher at the International Computer Science Institute.
The CIA and other government agencies can circumvent messaging apps if they compromise your smartphone. But that’s not something they can do on a mass scale at the push of a button. Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology, says that the kind of bulk surveillance we learned about through Edward Snowden’s revelations is now much more difficult to accomplish thanks to the proliferation of end-to-end encryption (including HTTPS, iMessage, and Signal).
For more visit: Slate.com