Despite end to end encryption, your WhatsApp and Telegram chats can be spied on (VIDEO)

Despite end to end encryption, your WhatsApp and Telegram chats can be spied on (VIDEO)
Even though WhatsApp promises end-to-end encryption on all of its chats, and Telegram offers end-to-end encryption on secret chats, the truth is that messages on these platforms can still be hacked. The reason is because the messaging apps still rely on phone networks that use Signalling System No. 7, better known as SS7.

You might recall that back in April, we told you about SS7 when we passed along a story shown on 60 Minutes about hacking. SS7 is a protocol used to connect carriers around the world and affects all smartphone users regardless of the device they use. While SS7 can't break the encryption employed by the two aforementioned messaging apps, it can be used to fool a wireless operator into helping the hacker open a duplicate WhatsApp and Telegram account in the name of the target.

The first step that a hacker employing SS7 does is trick the target's carrier into believing that his phone number is the same as the target's mobile number. Once that is accomplished, the hacker installs WhatsApp and Telegram on his phone, and uses the target's number to set up new accounts. This will allow them to receive the secret code falsely proving that the hacker is the legitimate user of these accounts. Once all this is accomplished, the ruse is on as the hacker can send and receive messages pretending to be the target.

You can see how this all works by watching the pair of videos below. Most security firms still prefer WhatsApp and Telegram for their end-to-end encryption, which prevents "man-in-the-middle" hacks that redirect messages to a hacker's phone. But obviously, opening a duplicate account can allow hackers to read messages not intended for their prying eyes.





source: ThomasFox-Brewster (1), (2), Forbes via BGR

FEATURED VIDEO

11 Comments

1. oozz009

Posts: 520; Member since: Jun 22, 2015

Suprise, suprise! LOL

2. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

Hahaha, that sure didn't take long at all...same old story folks; nothing man-made is unhackable by man.

3. ibend

Posts: 6747; Member since: Sep 30, 2014

thats not man-in-the-middle attack on end-to-end encryption, the hacker just being the other "end" as it takeover victims account (and there must be something wrong with victims phone, its spoofed I guess)

4. Chuck007

Posts: 1410; Member since: Mar 02, 2014

Facebook and genuine privacy? Ha nice one!

5. TylerGrunter

Posts: 1544; Member since: Feb 16, 2012

They could, but as shown during the hack: 1) It is much more difficult to do than when they were not encrypted 2) The user is alerted of the hack. Look at the victims phone, it has a message that their account has been moved to a diffrent phone. In short: not a really usable hack

7. An.Awesome.Guy

Posts: 636; Member since: Jan 12, 2015

It can get back-up data. Saying that account was registered in another device is a big plus but what if that person was somehow ill ,in jail or traveling into another country then maybe this hack can be used in identity theft situation. nevertheless , it is very very difficult and probably these highly skilled hackers probably won't bother on looking after chatting apps I hope these messaging/chatting apps would somehow solve the problem like restoring backup only happens after 48 hours.from registering in a new device.

9. TylerGrunter

Posts: 1544; Member since: Feb 16, 2012

As I said, they could and the situation may happen. But it is (IMHO) very unlikely and not much to worry about. When there was no encryption my opinion on the matter was very different. The title is more a click bait than real news: anything can be hacked

10. An.Awesome.Guy

Posts: 636; Member since: Jan 12, 2015

I agree on that.

6. AhmadAlsayegh

Posts: 326; Member since: Jul 18, 2011

Maybe it is time to employ a new type of two step authentication, for example, in addition to the code, whatsapp or telegram should be associated with finger print authentication as a second step.. Just a thought

11. An.Awesome.Guy

Posts: 636; Member since: Jan 12, 2015

Since Finger-print is dependent on each phone and must not be registered or saved at chatting companies then this won't effect it. Also that technology can only be done on flagships. But maybe a second step like an email could be a good two step authentication .

8. xondk

Posts: 1904; Member since: Mar 25, 2014

Pretty obvious as attacks go, can't see any real hacker using them like this.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.