No, the CIA Hasn’t Compromised Signal and WhatsApp

Jake Swearingen
Signal is still safe from the CIA’s prying eyes, even if your Android phone might not be.

WikiLeaks has released a new data dump today, which it is calling “Vault 7,” detailing some of the surveillance and hacking tools WikiLeaks claims the CIA currently uses. The release, which is made up of nearly 8,000 web pages and 1,000 documents, has a couple of bombshells that — if true — would show that the CIA wields some truly powerful tools, including the ability to use smart TVs as active surveillance devices and to use “Zero Day” exploits against popular smartphones like iPhone, Android, and Microsoft’s Windows devices.

Fortunately, one of the claims getting the most play online isn’t technically true. Here is this tweet from the New York Times:

And the full paragraph detailing the leak in the Times:

Among other disclosures that, if confirmed, would rock the technology world, the WikiLeaks release said that the C.I.A. and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect ‘audio and message traffic before encryption is applied.’

What WikiLeaks says the CIA is able to do right now on Android phones is look over your shoulder while you use your phone. It doesn’t matter how strong or secure your end-to-end encryption program is if someone can observe everything you type or read.

Not that that hasn’t caused the spread of, at best, misleading information on Twitter:

The bottom line is that if the CIA has managed to install malware on your Android smartphone (perhaps something like a keylogger or screen-capture program), it wouldn’t matter how strong the encryption is.

In the meantime, anyone saying the CIA has “cracked Signal,” or other encrypted chat apps, is either betraying a lack of understanding about what WikiLeaks claims the CIA is capable of doing, or engaging in base fearmongering. There’s plenty to be worried about in the WikiLeaks “Vault 7” file dump. Signal, WhatsApp, and Telegram being cracked isn’t one of them.

Update 1:14 p.m. ET: Signal creator Moxie Marlinspike offered up his own thoughts about the information revealed in the WikiLeaks Vault 7 files. “For us, it’s confirmation that the things we’re doing are working,” says Marlinspike. “End-to-end encryption has pushed intelligence agencies away from undetected and unfettered mass surveillance to where they have to use high-risk and targeted attacks.

“They have to use these [attacks] very carefully,” continues Marlinspike. “Every time they use one there’s a chance it’ll be detected, which costs millions of dollars to them.”

When asked if he took any personal satisfaction in knowing he’s created additional headaches for intelligence agencies, Marlinspike paused before simply replying, “No comment.”
