Exclusive | WhatsApp says its encryption works fine, swipes at Google and Apple – Moneycontrol

Posted on by

WhatsApp, pushed onto the backfoot after a Israeli firm's spyware infiltrated the messaging service and compromised users' phones, has gone on the offensive with an assertive statement aimed at the government and the makers of phone software.

On November 5, the Facebook-owned company defended its 'end-to-end' encryption, suggesting pushback on another issue where it is locked in a battle with the governmentthe traceability of messages on social media.

WhatsApp also took a potshot at Google and Apple, saying that vulnerabilities in phone operating systems allowed the Pegasus spyware of Israel's NSO Group to gain complete visibility of infected phones. Most phones run Google's Android or Apple's iOS software.

"Unable to break end-to-end encryption, this kind of malware abuses vulnerabilities within the underlying operating systems that power our mobile phones," the statement said.

The spyware, Facebook says, was installed through a WhatsApp call routed by NSO over Whatsapp servers. This was accomplished by reverse-engineering Whatsapp and tricking the server into believing that spyware code was Whatsapp traffic. Therefore, technically, the end-to-end encryption feature was not broken.

The wholesale compromise of infected phones by Pegasus came to light after Facebook sued NSO Group in a US court. More than 1,400 phones and devices have apparently fallen victim globally, with 121 of them in India - the main targets being human rights activists, journalists and lawyers.

NSO says Pegasus is sold only to governments.

The pushback on end-to-end encryption is significant because the government has been insisting that Whatsapp and other messaging providers allow for traceability of messages so that government agencies can track down the origin of messages. This, the government says, is necessary for law-enforcement agencies fighting crimes like terrorism, child pornography or the propagation of hate speech.

But Facebook's position is that it is not possible to work traceability into its software without compromising on end-to-end encryption which ensures that only senders and receivers of messages have the keys to unlock and read those messages.

The Supreme Court has transferred to itself a number of petitions on the issue of traceability. Hearings are due to begin in January 2020.

On November 3, in its response to government questions, Whatsapp said that in May it was not certain that the attack was launched by the NSO Group. But, WhatsApp had found out the vulnerability on April 29, and informed the government in May.

"That time even WhatsApp was not aware that it was the NSO Group and Indians were affected," said a source at WhatsApp.

Echoing its lawsuit, Facebook has told the government that the NSO Group violated WhatsApp's terms and conditions.

WhatsApp in its US case filing, which was sent to the government, also mentioned that the NSO Group leased servers and internet hosting services in different countries, including the United States, in order to connect the target devices to a network of remote servers intended to distribute malware and relay commands to the target devices.

See the article here:
Exclusive | WhatsApp says its encryption works fine, swipes at Google and Apple - Moneycontrol

Related Posts
This entry was posted in $1$s. Bookmark the permalink.