The New York Times detailed a new stash of documents released by WikiLeaks, indicating that the CIA used “sophisticated software tools” to break into connected devices like smartphones, computers, and smart TVs. Even more startling, the U.S. government was allegedly able to bypass encrypted messaging apps like Signal and WhatsApp, which the Times described as something that “would rock the technology world” if true.
The problem with this claim is the phrasing. It’s a big deal that the CIA hacked into connected devices, but the report seems to suggest that the apps themselves had a major flaw. That doesn’t appear to be the case. Instead, the feds circumvented encryption by hacking the phones, which makes it possible for anyone to access any app on the phones.
This (NYT) isn’t correct. NOTHING new about saying *if* your phone is hacked, your apps can be bypassed. Has always been true & reported. pic.twitter.com/UOc8uT5zmm
— Zeynep Tufekci (@zeynep) March 7, 2017
Open Whisper Systems, the organization behind Signal, also tweeted a similar clarification:
The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption.
— Open Whisper Systems (@whispersystems) March 7, 2017