How to Protect Your Phone Messages from CIA Spying
News organization have been abuzz this week following the release of arn new WikiLeaks document dump detailing the hacking tools used by the CIArn to spy on Americans. Of the countless worrisome discoveries made rnpossible by the leaked documents, one of the most frightening was the rnassertion that the CIA is capable of “bypassing” encrypted messaging rnapps such as Signal and WhatsApp. This detail was widely reported rnthroughout the week, but according to the New York Times, those reports are overblown.rn
The Times reports that following the dump, security researchers used rnautomated tools to search the entire database and couldn’t find a singlern mention of any popular encrypted messaging apps. That means top rnmessaging apps like WhatsApp, Signal, Wickr and Apple’s own iMessage rnplatform are all safe from the CIA’s prying eyes.rn
Additionally, “the hacking methods described in the documents do not,rn in fact, include the ability to bypass such encrypted apps.” While a rnmember of the intelligence community might be able to access your rnWhatsApp by taking control of your phone, the app itself isn’t rnvulnerable, at least not according to the documents.rnrn
As the Times surmises, reporters seem to fundamentally misunderstand rnwhat these documents actually reveal. End-to-end encryption means that rnno one can aside from the two participants can access the conversation, rnincluding the company that developed the app. The tools that the leaked rndocuments describe focus on “techniques for hacking into individual rnphones,” which would subsequently give the CIA (or anyone else who rnhacked your phone) the ability to see anything they want to see.rn
While this is also troublesome, it’s a different story than if the rnCIA had developed a tool to “bypass” encryption altogether. Instead, it rnseems to reinforce the idea that encrypted communication is working. rnOtherwise, why would the CIA be hacking into individual devices rather rnthan massive network of app users?rnrn
Had WikiLeaks not willfully deceived the public with tweets about rn“hacking malware” that could “infest” mobile devices and “bypass” rnencryption of apps like Signal and Confide, this clarification might notrn be necessary. But once again, there appears to be a story behind the story being pushed by WikiLeaks.