Tech

Hackers are selling the keys to your WhatsApp messages

No one knows how or if the product works.

Photo of Patrick Howell O'Neill

Patrick Howell O'Neill

Article Lead Image

An Israeli hacking firm is selling software that intercepts data and breaks encryption from WhatsApp, the popular messenger used by over 1 billion people around the world, according to a new report in Forbes.

Featured Video

The surveillance tech, known as CatchApp, “provides complete access to all of a target’s WhatsApp content,” according to the marketing material from Wintego, the Israeli firm selling the product.

CatchApp, which can target 95 percent of current smartphones, promises man-in-the-middle interception of WhatsApp messages (“achieved in any of various ways”) and then “unprecedented” decryption of the messages.

The product was discovered when an anonymous source handed over Wintego’s marketing materials to Forbes, adding that it was being sold to police in 2016. 

Advertisement

There is no specific information about how any of this is done or if it even still works with the latest versions of WhatsApp, which boasts much more robust security capabilities than previous iterations. Neither WhatsApp nor Wintego responded to requests for comment.

WhatsApp encryption is used by Signal, the gold standard for encrypted messaging apps. Signal developers did not respond to a request for comment.

Due to the vagueness of the marketing materials and the silence from all parties involved, it’s not clear if CatchApp affects current versions of WhatsApp or similar secure communications apps. It may be that the material is old or vastly embellished to push sales.

What the Forbes report does do is shed light on the booming professional spying industry, which includes companies like Wintego, Hacking Team, and NSO Group. Governments and private entities increasing paying millions to these “offensive hacking” cyber-mercenaries that are often shrouded in secrecy. 

Advertisement

Contact the author: Patrick Howell O’Neill, pat@dailydot.com

 
The Daily Dot