The vulnerability is on the user end. If you infiltrate the user device, or just get another receiver of the messages to expose them, the content is clear to read. Wonderful thing for law enforcement about WhatsApp, is they bleed out metadata about who contacted whom, and when, and where they were at the time. WhatsApp even provides that to Facebook, and from there the data used to be able to be bought for “research”. The metadata can be used to zoom in to identify individuals if you match their patterns of behaviour with locations.
Thing is, it’s not just Whatsapp. It’s literally every single server-based mechanism to exchange data. You have to trust that the server in question wipes logs on the regular and is not under some secret data collection warrant.
And ultimately, anything that you can just sign into another device with and retain your messgae history is not fully e2e encrypted…it means a server holds your encryption key for you.
The easy test is to see if the service has a password reset option - if so, they can reset the password. If not, you know, only your password or encryption key can unlock it. For example, Signal won’t restore chat history to a new device. So yes Telegram will, but for secret chats no that data is not synced and will be lost.
Removed by mod
This is something I would also like to know.
Pegasus or other ways to compromise the device directly.
by accessing one of the ends, where the message is decrypted upon arrival.
https://www.securityweek.com/iranian-hackers-target-academic-researcher-whatsapp-linkedin https://english.alaraby.co.uk/news/iran-hackers-bypassing-whatsapp-encryption-target-dissent-reports
but i also remember some mention to groups just sending some text, … and they would exploit it somehow by technical exploits alone, no social engineering
It would be great if Australia gets caught compelling Amazon to give them Signal metadata, because it would stop a lot of people from pretending that Signal’s “sealed sender” cryptography LARPing actually prevents that.