Report: CIA Didn't Compromise Encrypted Messaging Apps

Central Intelligence Agency CIA AH

The United States Central Intelligence Agency (CIA) didn’t manage to compromise encrypted instant messaging (IM) apps like Signal, industry experts say. The idea that the CIA cracked encrypted IM apps surfaced after WikiLeaks released a new set of documents that revealed some of the agency’s hacking methods earlier this week. While some information contained in the documents is certainly alarming to privacy advocacy groups, numerous media outlets including The New York Times came to the wrong conclusion that the CIA managed to hack a number of popular encrypted messaging apps including WhatsApp, Signal, Telegram, and Confide.

However, most of the original claims about hacking have now been redacted and retracted after a number of cyber security experts publicly explained the meaning of the documents. While not everyone agrees about the specifics and some details are still up to subjective speculation, virtually all industry professionals agree that the CIA did not compromise encrypted messaging apps. Open Technology Institute’s Ross Schulman told TechCrunch that numerous misleading headlines claiming that the likes of Signal and WhatsApp have been hacked could potentially dissuade people from using them, which is the opposite of what they should be doing. These apps still “protect a lot of people,” Schulman said, referring to the fact that there’s no evidence the CIA managed to crack any popular messaging app. Instead, the documents released by WikiLeaks suggest that the U.S. agency used malware to infect mobile devices and gain access to their data. Once the actual device is infected,”there’s nothing that the app can do,” Schulman explained.

Encrypted messaging apps still have to decrypt the contents of one’s messages so that their users are able to read them, so if a user’s phone is infected with spying software, there’s nothing any app can do to stop malware seeing how locally stored malicious code is able to read the contents of user’s messages in plain text just like they can. Despite the fact that there’s no evidence the CIA has a backdoor into any popular messaging app, the contents of the documents released by WikiLeaks still raised a number of privacy-related issues and the U.S. agency is currently facing a lot of backlash from various privacy advocacy groups and individuals.