Varakashi are saying Zim State Security can now access your WhatsApp messages, let’s talk about it

Leonard Sengere
E2EE, WhatsApp messaging, mobile security in Zimbabwe, Security in Zimbabwe

We can always hazard a guess as to why most disinformation campaigns are run. There is usually a clear end-goal that anyone willing to take a second to analyse will see. Some actors are spreading disinformation that Zimbabwe State Security can now hack WhatsApp, armed with just a phone number. Is it disinformation though?

The above sounds like quite the claim to many who are used to seeing the following on WhatsApp, “Messages and calls are end-to-end encrypted. No one outside this chat, not even WhatsApp, can read or listen to them.”

That sounds ironclad. Zimbabwe State Security is included in the ‘no one outside this chat’ section and so they should not be able to read or listen to your WhatsApp correspondence.

Let’s break down how the end-to-end encryption works.

How WhatsApp end-to-end encryption works

  1. Message Encryption: When you send a message, it’s turned into a code that only the receiver’s phone can unlock.
  2. Message Decryption: When the receiver gets the message, their phone turns the code back into the original message.

WhatsApp’s Role: WhatsApp only acts as a messenger, carrying the message. They cannot see the contents. The encryption keys needed to decode the messages are stored only on users’ devices, not on WhatsApp’s servers.

WhatsApp uses what’s called the Signal Protocol for encryption and security guys say it’s as good as it gets.

It would be incredibly difficult for anyone, even WhatsApp itself or Zimbabwe State Security, to break this encryption and read your messages. It requires too much in resources and expertise to pull off.

In fact, there is no record of any entity ever breaking WhatsApp’s encryption.

So, we are golden, right? We need not pay any mind to the disinformation campaign? Well…

Other ways to hack

While no one has been able to break the encryption itself, some actors have been able to access people’s messages without consent. How is that possible if the encryption cannot be broken?

In 2019, the Pegasus spyware developed by the NSO Group exploited a vulnerability in WhatsApp, allowing attackers to install spyware on phones via missed calls. This did not break the encryption itself but took control of the device.

So, if phones are hacked or malware is installed to intercept messages before they are encrypted, WhatsApp’s encryption won’t save you.

Targeting specific individuals by infecting their phones with spyware to capture messages before they are encrypted or after they are decrypted is how Pegasus did it.

You need more than just a phone number to pull this off, although there is a lot that state security could do with just a phone number.

So, if the claim that Zimbabwe State Security can now hack WhatsApp messages with just a phone number is interpreted to mean they now have sophisticated ways to infect targeted devices with malware then I guess we can say it’s possible.

Do remember that Pegasus was an Israeli spyware and the Zim government does have good relations with the Israelis. So, it’s not that crazy to think they would have acquired something like this.

Government requests

The government could legally compel Meta to hand over user data. However, WhatsApp protects itself from such requests through end-to-end encryption, which means it could not hand over message contents even if it wanted to.

However, they might still give metadata (information about who messaged whom and when) if compelled.
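
To make the split between message content and metadata concrete, here is an added illustration (not from the original article and not WhatsApp's code) of the relay model described above: two devices hold the keys, the server only forwards an opaque blob and logs who messaged whom and when. A toy Diffie-Hellman exchange and hash-based cipher stand in for the Signal Protocol; the class names, parameters and phone numbers are constructed for the example.

```python
import hashlib, hmac, secrets, time

# Toy parameters, constructed for illustration: NOT secure, NOT the Signal Protocol.
P, G = 2**521 - 1, 3          # Mersenne prime modulus and base for toy Diffie-Hellman

def _stream(key, nonce, n):
    """Hash-based keystream standing in for a real cipher."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

class Device:
    """A phone. The private key never leaves this object."""
    def __init__(self, number):
        self.number = number
        self._priv = secrets.randbelow(P - 2) + 1
        self.public = pow(G, self._priv, P)   # the only key material the server sees

    def _keys(self, peer_public):
        shared = pow(peer_public, self._priv, P).to_bytes(66, "big")
        k = hashlib.sha512(shared).digest()
        return k[:32], k[32:]                 # (encryption key, MAC key)

    def encrypt(self, peer_public, text):     # plaintext exists only on the device
        (ek, mk), nonce, data = self._keys(peer_public), secrets.token_bytes(12), text.encode()
        body = bytes(a ^ b for a, b in zip(data, _stream(ek, nonce, len(data))))
        return nonce + body + hmac.new(mk, nonce + body, hashlib.sha256).digest()

    def decrypt(self, peer_public, blob):
        (ek, mk), nonce, body, tag = self._keys(peer_public), blob[:12], blob[12:-32], blob[-32:]
        expected = hmac.new(mk, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrong key or tampered message")
        return bytes(a ^ b for a, b in zip(body, _stream(ek, nonce, len(body)))).decode()

class RelayServer:
    """The messenger: forwards opaque blobs and records who, to whom, and when."""
    def __init__(self):
        self.log = []

    def relay(self, sender, recipient, blob):
        self.log.append({"from": sender, "to": recipient, "at": time.time(), "blob": blob})
        return blob

def demo():
    alice, bob, server = Device("+263-000-0001"), Device("+263-000-0002"), RelayServer()
    blob = server.relay(alice.number, bob.number, alice.encrypt(bob.public, "meet at 5pm"))
    return server.log[0], bob.decrypt(alice.public, blob)
```

The server's log entry contains the sender, recipient, timestamp and ciphertext but nothing that decrypts it, while the readable text exists inside `encrypt` and `decrypt` on the devices, which is why a compromised phone defeats the scheme without breaking the encryption.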

Real threat or nah?

Likelihood of Zimbabwe State Security hacking your WhatsApp:

  • Direct Hacking: Hacking into the actual encryption is extremely difficult and highly unlikely because of the strong encryption used.
  • Alternative Methods: They might try to hack individual phones to access messages directly from the device, as seen with Pegasus. It’s possible but you’ll have to decide the probability. Do this knowing that if you’re targeted thus, there is little you can do about it.
  • Legal Pressure: They might also legally pressure Meta to include backdoors in their systems, but as of now, Meta has resisted such demands from more powerful governments, so I doubt little old Zimbabwe would succeed. Alternatively, they could compel Meta for metadata and that tells them who is talking to whom, which is valuable information in their line of business.

In the end, this might just be a campaign to instil fear in the populace that Big Brother is watching.

In WhatsApp, people have found a secure tool that they feel free to say whatever they want to say, or organise whatever they want to organise. It is in the government’s interests to dispel you of that notion.

Personally, I think this is all this disinformation campaign is meant to achieve. I do not believe there is any Pegasus-style capability but that’s my opinion. Do not stake your life on that. I will not be responsible if your messages get you in trouble, however unlikely that is.

If you’re a person of interest and they decide to target you, chances are they will have some success in infiltrating your safe space.

However, we can categorically say they won’t be able to just jump into WhatsApp accounts willy-nilly; they do not have a dashboard that allows them to peruse everyone’s chats. So, don’t worry, your dirty jokes are safe.

53 comments

  1. Tino

    Using Pegasus means you do have to be really important because if memory serves me right it was going for like a 100k for a single number.

  2. Peter

    Ok

    1. Newman

      Maone

  3. Wengai Burwa

    Hacking into WhatsApp may be too exhaustive even for the gvt, however there are a lot of cheap hacking tools which could enable a tech-savvy gvt department to gather sensitive data on phones. In intelligence circles such sensitive data can then be used to solve many jigsaw puzzles, especially in opposition politics, in which this gvt basically invests most of its intelligence resources.

  4. Anonymous

    20241904

    1. Anonymous

      449152-68

  5. Anon

    It is highly unlikely that they can hack WhatsApp, although companies like Cellebrite make it easy for law enforcement to break into your phone’s encryption. So if they decide you are a target, all they have to do is arrest you for a few hours and gain access to everything on your phone.

  6. Freedom2024

    Their propaganda does not scare me.
    Mark my words, their end is nigh. They will not escape justice.
    What they have sown, they shall reap!

    1. Nobody Important

      🤣👍

  7. Axn Nyama

    I don’t think you’re informed with your assertion. Ever since I watched the documentary “How WhatsApp Makes Money”, I was informed. WhatsApp is not as encrypted as it purports to be; a lot of people have managed to attack the vulnerability in their source code to get access to whatever information they need. It doesn’t take that much effort, you only need time.

    1. E.N.M

      Once you break into WhatsApp source code, then how do you decrypt the data in transit?

  8. Joseph

    It’s very possible, they can do that.

    1. TheyKilled Keirnan Forbes

      They said “HOW”; the word in quotation marks means “how?”. So, brother Joseph, Mr E.N.M wants to know how.

  9. Giribheti Abhero

    The only other option I see available is if Big Brother accesses your phone and does a physical sync of devices. This option you can always check; if in doubt, please reset your QR code regularly to lose the trail of predators.

    1. Sadness

      How

  10. Cyber-Citizen 2024

    There is no system that is totally secure. Even the US Government’s Pentagon gets hacked, in spite of layers of security (remember Edward Snowden and Julian Assange – WikiLeaks).

    For example major Corporations are “quietly and privately” settling millions in RANSOMWARE claims from organised cyber-crime syndicates. Cybersecurity is very BIG business, running into hundreds of billions.

    Visit this Report: https://www.fortinet.com/resources/cyberglossary/recent-ransomware-settlements

    Personally, I do not buy the end-to-end encryption narrative, it gives false assurance. But we all have different risk appetites and profiles.

    I am just sharing my piece.

  11. John Vekris

    I can’t find a way to message you privately for a comment on language, Leonard.
    Many thanks for this informative article. But please note:
    “It is in the government’s interests to dispel you of that notion.”
    dispel: verb
    make (a doubt, feeling, or belief) disappear.

    You dispel doubts, ideas, feelings, beliefs, notions etc. You cannot dispel people.
    One disabuses people, you or me etc, of unfounded ideas etc.

    1. Anonymous

      Assuming the first paragraph is a compliment to Cyber-Citizen, thank you.

      Public platforms can attract unfavourable attention, so I am constrained to share contacts in good conscience.

    2. Leonard Sengere

      Thank you for engaging. The notion that the govt is trying to dispel people of is the notion that they can text securely, free from prying eyes. That’s the notion, I didn’t say the govt want to dispel people.

  12. bool sh!t junta

    fak this junta lies

  13. Always Off Topic

    People have a wild imagination. You do not need such sophistication to compromise devices when you can exploit the fact that most people are either hungry or greedy. They will turn on anyone for the right price. Tshabangu is proof of this. The most effective exploit delivery method is through social engineering. The people you know, your relatives, and close friends’ habits are a security risk to you. All it takes is for some careless person in your social circle to get that malicious video/image/audio/document/link and you are done.

    Don’t click anything from anyone. Set your WhatsApp to stop auto-downloading videos, audio and images; it will keep you safe, plus you will save on data.

    FYI, last I checked, Pegasus exploited a vulnerability in iOS, i.e. iPhones, called a zero-click exploit. Delivered through a malicious URL link; I am not sure of the missed call thing. Anyway, it must have been patched by now. It’s interesting that most notorious people use iPhones; there are documented cases of many a criminal who has been apprehended by being tracked via either their iPhone or iCloud. Just putting that out there.

    1. Always Off Topic

      Also, what is a Vakarashi? Yes, I live in a cave, under a rock.

  14. Encrypted conversation

    449152-68

  15. Bernard Richard

    Yooor

  16. The_Observer263

    Could be misinformation but hear me out…

    Lately I noticed WhatsApp desktop will allow me to receive an OTP to my WhatsApp number as opposed to scanning the QR code.

    What stops State Security from pressurising Mobile Operators to give them access to said numbers?

    1. The_Observer263

      For educational purposes, I’d go so far as to claim a simple Social Engineering practice usually encountered in the finance world…

      OTP bots…

  17. POSSENTI MKUMBUZI

    The Zim govt is so obsessed and scared of anything to the extent they’ll really want to spy on every phone in the country. Being startled by a sudden clatter means you have something hung up.

  18. Free Duri

    One day I entered a print shop intending to get a file printed from my phone. Instead of using a USB cable, they insisted that the file was to be printed from WhatsApp.
    After making the sending process I noticed that my chats were on their desktop screen. So this assertion that state security can access WhatsApp chats is not disinformation.

    1. Unknown

      You literally gave them access

  19. King

    Maybe in group chats not private chats

  21. The Empress

    If you are a person of interest to the govt and they really and I mean really want to know who you are talking to then they will use Pegasus to hack you.
    But for the general public you are OK… and the govt won’t bother hacking you because the sellout in that group chat where you posted things that might upset the govt will report you.
    But even then you are still mostly safe unless you’re unlucky.

  22. Anonymous

    It’s very possible, I know for a fact

    1. Anonymous

      5

  23. Chamakuvangu

    Techzim, your post is lost. Remember the Zim government installed Huawei lawful interception gateways under a USD 11m project with all ISPs/IAPs at gateway points except Liquid/ZOL (failure reasons held by me). All the magic is happening there with lawful interception gateways. If you are on the Liquid/ZOL network then you are safe.

    1. Unknown

      The messages are still encrypted on device so intercepting them in transit won’t work because all you’ll see is gibberish.

  24. Peeping Gov

    On the topic of interception before encryption, interest groups in EU, aka the politicians, are trying to bring Apple’s client side scanning back for everyone by calling it Upload Moderation. They should stay on brand and just call it 5 eyes or something. It’s ridiculous how they are slowly adopting Chinese policies by dressing them up in nice sounding words. It’s ironic, but at this rate, within our borders, Africa might be the last place on earth to retain some digital privacy, only by virtue of being too poor to force this nonsense directly

  25. Sam Vischer

    It is easy for state actors: step 1, contact the phone carrier and tell/force them to make a duplicate SIM card. Step 2, access the WhatsApp account.

  26. Khotso

    This is so unfair

  28. Newman

    Maone

  29. Newman mucheki

    Haaa thats not fair

  30. So what

    Rubbish

  31. Tom

    I think it’s possible. How else do we hear govts hack into our WhatsApp messages and are sometimes provided as evidence in courts of law. Personally I have not been privy to such… But I hear so.

  32. Robert

    1. 3FA
    2. Don’t use mod versions of whatsapp

    Early this year Ghana banned all civil servants from using modified app versions as one of them had a backdoor for the bad boys to piggy back in on.

    So avoid these GB, Yo etc., and if I wanted to whack into people’s accounts I would promote a mod APK with a Trojan horse. That’s how I would do it because hackers know that the average person wants more, free, extra… while loading rogue code.

  33. User

    Outrageous claims require outrageous evidence. If these guys claim they can do so, they should just prove it. What I believe they can do as far as hacking WhatsApp is concerned is to intercept the verification code used when installing WhatsApp. Then through social engineering they can acquire information from people you talk to.

  34. Walla

    Encryption is not true….
    Otherwise terrorists would have a field day…

  35. Madelyn

    47

  36. Me

    They don’t even need to hack your WhatsApp considering how you spill intel on platforms like Facebook, especially in the comments section. Between Jan and June how many pages were running shutdown campaigns 😂😂😂 counter intel got that on a silver platter and did it ever happen. In short, you are far too open, so why hack when it is always in the public domain!

  37. Nicole

    Airtime

    1. Nicole

      15 dollar

      1. Home

        WhatsApp can be hacked. I have a Huawei phone that makes international calls on its own when the screen is locked. Secondly, after that, when I am using the phone it will freeze and the screen locks on its own; after some time I will see a notification saying you have been logged out of WhatsApp. But if I use another number to send a WhatsApp message to that number, that logged-out number will be online. If I send a message, the message will be blue-ticked. But if I try to register that same number, WhatsApp will say I have been banned. On that phone, if I register WhatsApp, within two hours I will be logged out.

  38. Jolly

    That sounds more interesting and well covered