Is WhatsApp Hacked?
Forbes is reporting that the Israeli cyberweapons arms manufacturer Wintego has a man-in-the-middle exploit against WhatsApp.
It's a weird story. I'm not sure how they do it, but something doesn't sound right.
Another possibility is that CatchApp is malware thrust onto a device over Wi-Fi that specifically targets WhatsApp. But it's almost certain the product cannot crack the latest standard of WhatsApp cryptography, said Matthew Green, a cryptography expert and assistant professor at the Johns Hopkins Information Security Institute. Green, who has been impressed by the quality of the Signal code, added: "They would have to defeat both the encryption to and from the server and the end-to-end Signal encryption. That does not seem feasible at all, even with a Wi-Fi access point.
"I would bet mundanely the password stuff is just plain phishing. You go to some site, it asks for your Google account, you type it in without looking closely at the address bar.
"But the WhatsApp stuff manifestly should not be vulnerable like that. Interesting."
Neither WhatsApp nor the crypto whizz behind Signal, Moxie Marlinspike, were happy to comment unless more specific details were revealed about the tool's capability. Either Wintego is embellishing what its real capability is, or it has a set of exploits that the rest of the world doesn't yet know about.
Posted on October 4, 2016 at 1:47 PM • 37 Comments