A thorough inspection of the mobile hacking practices outlined in the documents released by WikiLeaks on Tuesday reveals that the CIA is still yet to crack the end-to-end encryption protocols used by Signal, WhatsApp and a host of other messaging services.
In fact, the 9,000-page data dump of CIA hacking tools appears to praise the strength of the encryption technology adopted by service providers, who rightfully claim that neither themselves or government agencies can see or read data while it’s in transit.
— WikiLeaks (@wikileaks) March 7, 2017
Um, no it can’t.
This doesn’t mean that the CIA can’t monitor communication by compromising a device sending or receiving a message using malware — because it can (and that’s outlined in the dump). It just can’t view the contents of the text while it’s being transmitted from one handset to another.
“The CIA/WikiLeaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption,” said Open Whisper Systems, the encryption provider for both Signal and WhatsApp.
If your handset doesn’t have any malware, you’re safe
If you’re cautious enough to care about end-to-end encryption, you’re probably confident that your device isn’t infected with any nasty malware that permits a total-device takeover, and if that’s the case, you can rest assured that the CIA (and rogue hackers, for that matter) can’t see your messages.
You just need to hope the person on the other end of the line is just as cautious as you are.