WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears | Computer Weekly

FrostyPolicy , 3 hours ago

Wonder how they’d manage that as they both are E2EE.

redditReallySucks , 3 hours ago

With a warrant they could probably force signal/whatsapp to inject Malware into their apps to spy on users.

Don’t know how possible it is with signal and their reproducible builds. They would need to add this to the source code of the app.

otter , 13 minutes ago

Could they though, I thought signal would just leave the market

30p87 , 3 hours ago

Especially with Signal being open source. What stops the official Signal company from advertising another fork?

kubica , 2 hours ago

"Gruyere Signal"

einkorn , 1 hour ago

The server software is not open source.

massive_bereavement , 1 hour ago

Untrue. Stop spreading FUD:
https://github.com/signalapp/Signal-Server

30p87 , 1 hour ago

There’s a grain of truth in the claim: We don’t know for sure if the original open source version is actually running on the server.

Plopp , 50 minutes ago

Isn’t that true of all server side FOSS?

30p87 , 42 minutes ago

Yes. We just have to trust them. Or selfhost, which I’m doing with almost everything.

einkorn , 37 minutes ago

In that case: They started publishing code AGAIN.

The server soft has been available, then not, and apparently now again.

30p87 , 1 hour ago

That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.

RmDebArc_5 , 2 hours ago

Apparently what happened is that French police installed some of malware on the phones to read the messages, and this was now decided to be legal in the UK.

linearchaos , 2 hours ago

Damn, we’ll need those linux phones working soon.

smeeps , 1 hour ago

Then they enforce the chipmakers to put backdoors in the chips themselves

bjoern_tantau , 46 minutes ago

What would that change?

lastweakness , 37 minutes ago

You’d have enough control over the software that you can ensure nothing like this happens

bjoern_tantau , 5 minutes ago

The basic security stuff exists on Android and iOS as well, namely full disk encryption. When that is defeated through a missing or bad password nothing keeps them from installing their malware with device access.

If they got in through an external security vulnerabilities in some software package the situation is also the same on either OS.

umami_wasbi , 2 hours ago

A French and Dutch Joint Investigation Team (JIT) harvested more than 115 million supposedly encrypted messages from an estimated 60,000 users of EncroChat phones after infecting the handsets with a software “implant”.

Looks like they just hack the phone

original_reader , 55 minutes ago

How does one get an “implant” onto a phone?

Plopp , 51 minutes ago

You implant it, duh.

otter , 10 minutes ago

en.m.wikipedia.org/wiki/EncroChat

So this sounds like the ANOM phone story with extra steps?

I get that they can “access” messages, but the headline feels misleading if it requires full access to the device.

It’s not that they’re breaking encryption or reading messages in transit, it’s more like they’re installing malware on specific devices so that they can look at your screen?