The CIA Didn’t Break Signal or WhatsApp, Despite What You’ve Heard
There’s been one particularly misleading claim repeated throughout coverage of CIA documents released by WikiLeaks today: That the agency’s in-house hackers “bypassed” the encryption used by popular secure-chat software like Signal and WhatsApp.
By specifically mentioning these apps, news outlets implied that the agency has a means of getting through the protections built into the chat systems. It doesn’t. Instead, it has the ability, in some cases, to take control of entire phones; accessing encrypted chats is simply one of many security implication of this. Wikileaks’ own analysis of the documents at least briefly acknowledges this, stating that CIA “techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”