A few days ago, Brazilian justice requested the suspension of WhatsApp services for the third time in the country on the grounds that the company declined to offer message exchange data between criminal suspects investigated by police. However, according to two security and encryption experts, Brazilian authorities may instead go around WhatsApp end-to-end encryption to access user data and communications.
There are several ways authorities can get around end-to-end encryption
This weekend, POCA magazine spoke with security and encryption experts Riana Pfefferkorn, researcher responsible for the Stanford Law School Center for Internet and Society, and Robert Muggah, security and development expert and research director at the Institute. Igarap. According to both experts, justice is losing control over its citizens' information domain, so it most likely ends up making unabated demands, as in the case of WhatsApp's blocking in the country:
"Authorities pressure technology companies to provide backdoor because they used to have so much information available easily. Strong encryption means that police work is not as easy as before," Riana said in an interview.
But is it possible to bypass WhatsApp encryption?
To say that WhatsApp messages are encrypted end-to-end means that only the sender and recipient of the messages are able to read its contents. This means that, using services like WhatsApp and Telegram, you can talk, write or send the image you want without worrying about whether the WhatsApp server or third parties will intercept and read your messages.
Strong encryption means police work is not as easy as before
However, according to expert Robert Muggah, it is possible to bypass WhatsApp encryption:
"There are a number of ways for authorities to go around end-to-end encryption to access their users' data and communications. This includes backups, with information saved in the cloud and Google Drive, for example; the act of requesting (unencrypted) information from the companies themselves, without the need for them to access the phone, "infiltration" when authorities can monitor matters by infiltrating conversation groups or channels, and penetration by hacking a laptop, as WhatsApp and Telegram can also be accessed over the web. "
Well, that's not very new. A month ago, we posted here a video showing a user who managed to hack WhatsApp and Telegram by circumventing SS7 (Signaling System # 7), a telephony protocol dating back to the 1970s, in order to use a any user is access to conversations on both messaging services.
Using SS7, the hacker causes your phone to be "confused" with that of the victim in question. This way, the user can access WhatsApp and Telegram with the phone number of the person being attacked, and can have full control of the victim's conversations produced from then on. Since this type of data interception was conducted without the user's consent, privacy here would be violated.
So you may be wondering if there is a democratic and secure way to bypass end-to-end encryption without violating users' privacy? Well, according to Riana said magazine, "no":
"Users are communicating by cutting-edge encryption precisely to protect privacy, so measures that circumvent this protection are invasive and violate people's fundamental right to privacy and freedom of expression. Inconsistent with democracy. Undermining the security of an encrypted application such as inserting a backdoor or hacking the smartphone becomes an insecure measure for all users. "
So, as we can see from the answers above, compel companies like WhatsApp and Telegram to disable the use of encryption or simply to prohibit encryption. Much less suspend the operation of services in the country. What Brazilian authorities could – and should – do to invest in information technology to obtain data more effectively.
And, do you really feel safe with end-to-end encryption of services like WhatsApp and Telegram?
. (tagsToTranslate) How to bypass WhatsApp encryption