The cybersecurity expert John McAfee and four hackers demonstrated that is is possible to read a WhatsApp message even if it is encrypted. The hacker crew used their servers located in a remote section in the mountains of Colorado
McAfee reported the success to the Cybersecurity Ventures and shared the details of the clamorous hack.
The hacked message was exchanged between two researchers located at the New York City headquarters office of the digital forensics firm LIFARS. The researchers used two brand new Android phones running a tiny app written by McAfee and his colleagues.
Cybersecurity Ventures reported the message was sent at 2:45pm EST in New York, and the hackers read it in Colorado one minute later. Wait, but WhatsApp implements end-to-end encryption. How is it possible?
McAfee explained that the problem doesn’t affect WhatsApp but the Android OS that is affected by a serious design flaw. The exploitation of the vulnerability allowed McAfee’s team to take full control of the information managed by the mobile device.
We have no information about the components of the team, we only know that one of them is Chris Roberts, a security researcher that in May 2015 announced via Twitter that he was able to hack the flight he was on. Roberts was arrested by the FBI, the experts claimed he had burrowed through the aircraft’s onboard entertainment system to gain control over critical systems of the airplane.
“I have been warning the world for years that we are teetering on the edge of an abyss, that our cyber security paradigms no longer function, and that chaos will descend if something is not done” said McAfee, commenting the successfully hack of the WhatsApp message. “The fundamental operating system (Android), used by 90% of the world, and that should be the first bulwark against malicious intrusion, is flawed. Should I not bring this to the world’s attention through a dramatic demonstration? Do I not owe it to the world?”
Experts from LIFARS who analyzed the mobile phones reported the presence of “malware traces,” a memo issued by the CEO Ondrej Krehel confirms the smartphones have been infected by a spyware app that allowed hackers to log keystrokes. According to Krehel, the hackers haven’t rooted the device in order to exploit the flaw, more information will be disclosed after that McAfee and his team will discuss the flaw with Google, and I believe it is important to highlight that McAfee is doing this not for money.
“McAfee said he is open to dialogue with Google and WhatsApp in order to help remedy the vulnerability, and there would be no cost for his services. “This in no way was done for financial gain. This was my obligation to my tribe” said McAfee.” continues Cybersecurity Ventures.
Are you a SnapChat user? Bad news also for you, McAfee confirmed that similar problems have been noticed also with other messaging apps.
If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.
(Security Affairs – WhatsApp Message, hacking)