Spyware attack: Is WhatsApp's end-to-end encryption just a gimmick?
The discovery that hackers could snoop on WhatsApp should alert users of supposedly secure messaging apps to an uncomfortable truth: “End-to-end encryption” sounds nice — but if anyone can get into your phone’s operating system, they will be able to read your messages without having to decrypt them. According to a report in the Financial Times on Tuesday, the spyware that exploited the vulnerability was Pegasus, made by the Israeli company NSO. The malware could access a phone’s camera and microphone, open messages, capture what appears on a user’s screen, and log keystrokes — rendering encryption pointless. It works on all operating systems, including Apple’s iOS, Google’s Android, and Microsoft’s rarely used mobile version of Windows. The cybersecurity community has known about it for years, and activists have been raising hell about its use against dissidents and journalists in dozens of countries — although NSO itself says it doesn’t sell Pegasus to unsavory regimes and t...