John McAfee convinces reporters he can hack WhatsApp encryption with pre-installed keyloggers
Cybersecurity expert John McAfee and a team of four other hackers claimed to have found a flaw in Google’s mobile platform that allows them to read encrypted WhatsApp messages. If his claim was true, it would have rendered WhatsApp privacy safeguards meaningless, according to a report from Cybersecurity Ventures.
For those unfamiliar with what we are talking about, WhatsApp had recently enabled message encryption for its app where messages sent and received are encrypted end-to-end, which means that technically hackers will not be able to read your messages even if they are intercepted. The company has regarded the move as one that would help protect and secure the communications of all WhatsApp users around the world.
In an apparent attempt to convince reporters, McAfee send them phones pre-installed with malware containing a keylogger, and convincing them he somehow cracked the encryption on WhatsApp. According to cybersecurity expert Dan Guido, who was contacted by a reporter trying to validate McAfee’s claims, McAfee planned to send this reporter two Samsung phones in sealed boxes. Then, experts working for McAfee in front of the reporters would remove the phones out of the boxes and McAfee would read the messages being sent on WhatsApp over a Skype call.
“[John McAfee was offering to a different couple of news organizations to mail them some phones, have people show up, and then demonstrate with those two phones that [McAfee] in a remote location would be able to read the message as it was sent across the phones,” Guido said. “I advised the reporter to go out and buy their own phones, because even though they come in a box it’s very easy to get some saran wrap and a hair dryer to rebox them.”
LIFARS, a cyber-intelligence and digital forensics firm, which conducted forensics believes that the trick didn’t involve getting root access to the phone and that there were signs of both keyboard recording and spyware vulnerabilities. This would then target an everyday Android phone, and not simply one that’s already compromised.
On being asked who should be held responsible for the vulnerability, McAfee was quick to say that WhatsApp should be blamed, and that the problem lies with Google. He claims that he and his team have discovered a “serious design flaw” that allows access to virtually everything on Android devices, including encrypted WhatsApp messages.
Considering McAfee’s past, one cannot be 100 percent certain if his claims are true. On the other hand, McAfee said that he is open to dialogue with Google and WhatsApp in order to help get rid of the vulnerability, and he would not charge fee for his services. “This in no way was done for financial gain. This was my obligation to my tribe,” said McAfee.