WikiLeaks Has “Revealed” the Obvious Fact That a Hacked Phone Makes Encrypted Messaging Pointless

Did they also find secret NASA data revealing the sky is blue?
This article is over 7 years old and may contain outdated information

Recommended Videos

If WikiLeaks has done one thing very well recently, it’s been highlighting the problems with a glut of information but a shortage of context. Most recently, they’ve released data on the CIA’s cyber surveillance abilities, and in the process they’ve stirred up fears that encrypted data transmission isn’t actually secure.

However, there’s nothing in their data dump that shows the CIA has broken the encryption of Signal, WhatsApp, or other popular secure messaging services. WikiLeaks own press release doesn’t say so, either, but their wording (and the tweet they sent out to accompany it) certainly wasn’t chosen to avoid that confusion. They state that the CIA can “bypass the encryption” of several apps by directly compromising the device the app is on, which is hardly new information.

These end-to-end encrypted messaging apps shield of data from spying while it’s transmitted, which means general, large-scale data collection efforts are out of luck. If there’s a targeted, successful effort to hack a specific person’s phone, though, no amount of encryption through an app is going to help. WikiLeaks’ press release says the CIA’s “bypass” is done by “hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”

That’s like saying you can bypass a password on a document by forcing someone to recite the contents for you from memory—true, but also painfully obvious and not really headline news. It’s not that WikiLeaks’ information is inaccurate, but the way it was sent out (and echoed in the New York Times and elsewhere) has people (largely journalists and activists) unnecessarily concerned over the security of communication apps, when nothing has changed about that security. If anything, this is good news for the apps, since it means the encryption is doing its job and requires a different, more involved approach to spying on someone’s private data.

In WikiLeaks’ view, the real news is that, whether or not the possibility is surprising, this is something the CIA is doing in some cases, thanks to security flaws on Android phones, and they think this and other measures outlined in their release “urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.” While you wait for that debate to take place between people who know what they’re talking about, check out the CIA’s repository of the dankest emoticons in existence—for very important national security purposes.

(image via Jacqui Brown)

—The Mary Sue has a strict comment policy that forbids, but is not limited to, personal insults toward anyone, hate speech, and trolling.—

Follow The Mary Sue on Twitter, Facebook, Tumblr, Pinterest, & Google+.


The Mary Sue is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Dan Van Winkle
Dan Van Winkle
Dan Van Winkle (he) is an editor and manager who has been working in digital media since 2013, first at now-defunct Geekosystem (RIP), and then at The Mary Sue starting in 2014, specializing in gaming, science, and technology. Outside of his professional experience, he has been active in video game modding and development as a hobby for many years. He lives in North Carolina with Lisa Brown (his wife) and Liz Lemon (their dog), both of whom are the best, and you will regret challenging him at Smash Bros.