Publications have been wildly awash with numerous reports this week of the U.S. Central Intelligence Agency's hacking efforts to spy on American citizens through the use of different tools outlined in WikiLeaks's document dump, causing a widespread maelstrom in the embattled narrative of data security.
No, The CIA Can't Crack Your Encrypted Messages
While the hacking tools were legitimate worries themselves, no less worrying was the assertion that the CIA is capable of bypassing encrypted messaging services such as WhatsApp and Edward Snowden-endorsed Signal. That these apps, equipped with end-to-end encryption, could fall vulnerable in the grand scheme of things, is pretty terrifying.
This tidbit was widely reported in the heat of the WikiLeaks slash CIA maelstrom, but according to the New York Times, such reports are overblown. The publication reports that following the data dump, security researchers combed the entire database using automated tools, but could find nary a mention of popular encrypted messaging platforms such as WhatsApp, Signal, Wickr, and iMessage, essentially meaning that all are immune from CIA's reported hacking tools.
The report adds that the hacking methods outlined in the documents do not, in fact, have the ability to bypass the encrypted apps. Though a member of the CIA might be able to seize control of WhatsApp by also taking control over the phone, the app itself isn't open to hacking, at least not according to the documents.
The Times presumes that many publications are apparently finding it hard to decipher and understand what the documents actually reveal. End-to-end encryption, which these apps offer, entails only the two participants as the only individuals capable of accessing their conversation, leaving out everybody else, even the company which made the app itself.
In fact, the New York Times suggests that if anything, the document dump proves that encrypted messaging apps are very strong, and that the privacy lockdown aspect of it is indeed working.
Of course, this doesn't mean that the CIA can't monitor the communication process using malware — it can. What it can't do, however, is view the actual contents of that communication as it's being transmitted from one device to another.
"The CIA/WikiLeaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption," said Open Whisper systems, the folks behind Signal.
What This Means For You
In a nutshell, if you've used any of the aforementioned apps for communicating with people, you should be safe from any vulnerabilities. But even if your device was hacked, you can be confident that any hacker, even the CIA, won't be able to see your messages, according to TechnoBuffalo.
In reality, the only people that need to be worried are those who might be a potential target of total-device takeover, which Wired notes is an exploit largely limited to nation-state actors. At that point, however, being the target of total-device takeover is already an insane feat in and of itself, and it's likely the target is facing bigger concerns than that vulnerability alone.