Wednesday, March 8, 2017

Crypto doesn't matter once they pwn the device it runs on

If the news about the Vault7 leak on Wikileaks has you wondering about the security of messaging apps like Signal or WhatsApp, then stop. The news doesn't highlight any problem with those apps. The CIA didn't just bypass the encryption in those apps; they bypassed the apps entirely by compromising the devices the apps run on. The messages have to be decrypted on the device in order for you to read or hear them, as well as reply to them. If a device happens to be compromised, then whoever has compromised it can also read or hear those messages and your replies.