We can always hazard a guess as to why most disinformation campaigns are run. There is usually a clear end-goal that anyone willing to take a second to analyse will see. Some actors are spreading disinformation that Zimbabwe State Security can now hack WhatsApp, armed with just a phone number. Is it disinformation though?
The above sounds like quite the claim to many who are used to seeing the following on WhatsApp: “Messages and calls are end-to-end encrypted. No one outside this chat, not even WhatsApp, can read or listen to them.”
That sounds ironclad. Zimbabwe State Security is included in the ‘no one outside this chat’ section, so they should not be able to read or listen to your WhatsApp correspondence.
Let’s break down how the end-to-end encryption works.
How WhatsApp end-to-end encryption works
- Message Encryption: When you send a message, it’s turned into a code that only the receiver’s phone can unlock.
- Message Decryption: When the receiver gets the message, their phone turns the code back into the original message.
- WhatsApp’s Role: WhatsApp only acts as a messenger, carrying the message. They cannot see the contents. The encryption keys needed to decode the messages are stored only on users’ devices, not on WhatsApp’s servers.
WhatsApp uses what’s called the Signal Protocol for encryption and security guys say it’s as good as it gets.
It would be incredibly difficult for anyone, even WhatsApp itself or Zimbabwe State Security, to break this encryption and read your messages. It requires too much in resources and expertise to pull off.
In fact, there is no record of any entity ever breaking WhatsApp’s encryption.
So, we are golden, right? We need not pay any mind to the disinformation campaign? Well…
Other ways to hack
While no one has been able to break the encryption itself, some actors have been able to access people’s messages without consent. How is that possible if the encryption cannot be broken?
In 2019, the Pegasus spyware developed by the NSO Group exploited a vulnerability in WhatsApp, allowing attackers to install spyware on phones via missed calls. This did not break the encryption itself but took control of the device.
So, if phones are hacked or malware is installed to intercept messages before they are encrypted, WhatsApp’s encryption won’t save you.
Targeting specific individuals by infecting their phones with spyware to capture messages before they are encrypted or after they are decrypted is how Pegasus did it.
You need more than just a phone number to pull this off. Although there is a lot that state security could do with just a phone number.
So, if the claim that Zimbabwe State Security can now hack WhatsApp messages with just a phone number is interpreted to mean they now have sophisticated ways to infect targeted devices with malware then I guess we can say it’s possible.
Do remember that Pegasus was an Israeli spyware and the Zim government does have good relations with the Israelis. So, it’s not that crazy to think they would have acquired something like this.
Government requests
The government could legally compel Meta to hand over user data. However, WhatsApp protects itself from such requests with end-to-end encryption, which means it could not comply even if it wanted to.
However, they might still give metadata (information about who messaged whom and when) if compelled.
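The relay role and the metadata point above can be seen in a short sketch. This is an added example, not WhatsApp's code and not the Signal Protocol: the toy Diffie-Hellman group, the HMAC-based cipher, the Device and Relay names and the phone numbers are all constructed for illustration.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2   # toy Diffie-Hellman group, an assumption of this sketch

def _stream(key, nonce, n):   # HMAC-SHA256 in counter mode, a stand-in stream cipher
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Device:
    """A phone. The private key is created here and never leaves it."""
    def __init__(self, number):
        self.number = number
        self._priv = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._priv, P)      # the only value the server learns
    def _keys(self, peer_public):
        shared = pow(peer_public, self._priv, P).to_bytes(32, "big")
        return hashlib.sha256(b"enc" + shared).digest(), hashlib.sha256(b"mac" + shared).digest()
    def encrypt(self, peer_public, text):
        (enc, mac), nonce, data = self._keys(peer_public), secrets.token_bytes(16), text.encode()
        body = _xor(data, _stream(enc, nonce, len(data)))
        return nonce + body + hmac.new(mac, nonce + body, hashlib.sha256).digest()
    def decrypt(self, peer_public, blob):
        enc, mac = self._keys(peer_public)
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + body, hashlib.sha256).digest()):
            raise ValueError("wrong key or modified message")
        return _xor(body, _stream(enc, nonce, len(body))).decode()

class Relay:
    """The server: publishes public keys and forwards blobs it cannot open."""
    def __init__(self):
        self.directory, self.log = {}, []
    def register(self, *devices):
        self.directory.update({d.number: d.public for d in devices})
    def forward(self, sender, recipient, blob, when):
        # Metadata only: this record is what the operator could be compelled to hand over.
        self.log.append({"from": sender, "to": recipient, "when": when, "bytes": len(blob)})
        return blob

def demo():
    a, b, relay = Device("+000-0001"), Device("+000-0002"), Relay()   # constructed numbers
    relay.register(a, b)
    sealed = a.encrypt(relay.directory[b.number], "meet at 6")
    blob = relay.forward(a.number, b.number, sealed, "10:00")
    return blob, b.decrypt(relay.directory[a.number], blob), relay.log
```

The relay's log holds who, to whom, when and how many bytes, and nothing else; the text exists in readable form only on the two devices, before `encrypt` and after `decrypt`.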
Real threat or nah?
Likelihood of Zimbabwe State Security hacking your WhatsApp:
- Direct Hacking: Hacking into the actual encryption is extremely difficult and highly unlikely because of the strong encryption used.
- Alternative Methods: They might try to hack individual phones to access messages directly from the device, as seen with Pegasus. It’s possible but you’ll have to decide the probability. Do this knowing that if you’re targeted thus, there is little you can do about it.
- Legal Pressure: They might also legally pressure Meta to include backdoors in their systems, but as of now, Meta has resisted such demands from more powerful governments, so I doubt little old Zimbabwe would succeed. Alternatively, they could compel Meta for metadata and that tells them who is talking to whom, which is valuable information in their line of business.
In the end, this might just be a campaign to instil fear in the populace that Big Brother is watching.
In WhatsApp, people have found a secure tool that they feel free to say whatever they want to say, or organise whatever they want to organise. It is in the government’s interests to dispel you of that notion.
Personally, I think this is all this disinformation campaign is meant to achieve. I do not believe there is any Pegasus-style capability but that’s my opinion. Do not stake your life on that. I will not be responsible if your messages get you in trouble, however unlikely that is.
If you’re a person of interest and they decide to target you, chances are they will have some success in infiltrating your safe space.
However, we can categorically say they won’t be able to just jump into WhatsApp accounts willy-nilly; they do not have a dashboard that allows them to peruse everyone’s chats. So, don’t worry, your dirty jokes are safe.
55 comments
Using Pegasus means you do have to be really important because, if memory serves me right, it was going for like a 100k for a single number.
Ok
Maone
Hacking into WhatsApp may be too exhaustive even for the gvt, however there are a lot of cheap hacking tools which could enable a tech savvy gvt department to gather sensitive data on phones. In intelligence circles such sensitive data can then be used to solve many jigsaw puzzles, especially in opposition politics, in which this gvt basically invests most of its intelligence resources.
20241904
449152-68
It is highly unlikely that they can hack WhatsApp, although companies like Cellebrite make it easy for law enforcement to break into your phone's encryption. So if they decide you are a target, all they have to do is arrest you for a few hours and gain access to everything on your phone.
Their propaganda does not scare me.
Mark my words, their end is nigh. They will not escape justice.
What they have sown, they shall reap!
🤣👍
I don't think you're informed with your assertion. Ever since I watched the documentary “How WhatsApp makes Money”, I was informed. WhatsApp is not as encrypted as it purports to be; a lot of people have managed to attack the vulnerability in their source code to get access to whatever information they need. It doesn't take that much effort, you only need time.
Once you break into WhatsApp source code, then how do you decrypt the data in transit?
It’s very possible, they can do that.
They said “HOW”. What does the word in quotation marks mean? It means “how”, so brother Joseph, Mr E.N.M wants to know how.
The only other option I see available is if Big Brother accesses your phone and does a physical sync of devices. This option you can always check; if in doubt, please reset your QR code regularly to lose the trail of predators.
How
There is no system that is totally secure. Even the US Government’s Pentagon gets hacked, in spite of layers of security (remember Edward Snowden, and Julian Assange – Wikileaks).
For example major Corporations are “quietly and privately” settling millions in RANSOMWARE claims from organised cyber-crime syndicates. Cybersecurity is very BIG business, running into hundreds of billions.
Visit this Report: https://www.fortinet.com/resources/cyberglossary/recent-ransomware-settlements
Personally, I do not buy the end-to-end encryption narrative, it gives false assurance. But we all have different risk appetites and profiles.
I am just sharing my piece.
I can’t find a way to message you privately for a comment on language, Leonard.
Many thanks for this informative article. But please note:
“It is in the government’s interests to dispel you of that notion.”
dispel: verb
make (a doubt, feeling, or belief) disappear.
You dispel doubts, ideas, feelings, beliefs, notions etc. You cannot dispel people.
One disabuses people, you or me etc, of unfounded ideas etc.
Assuming the first paragraph is a compliment to Cyber-Citizen, thank you.
Public platforms can attract unfavourable attention, so I am constrained to share contacts in good conscience.
Thank you for engaging. The notion that the govt is trying to dispel people of is the notion that they can text securely, free from prying eyes. That’s the notion; I didn’t say the govt wants to dispel people.
fak this junta lies
People have a wild imagination. You do not need such sophistication to compromise devices when you can exploit the fact that most people are either hungry or greedy. They will turn on anyone for the right price. Tshabangu is proof of this. The most effective exploit delivery method is through social engineering. The people you know, your relatives, and close friends’ habits are a security risk to you. All it takes is for some careless person in your social circle to get that malicious video/image/audio/document/link and you are done.
Don't click anything from anyone. Set your WhatsApp to stop auto-downloading videos, audio and images; it will keep you safe, plus you will save on data.
FYI, last I checked, Pegasus exploited a vulnerability in iOS, i.e. iPhones, called a zero-click exploit, delivered through a malicious URL link. I am not sure of the missed call thing. Anyway, it must have been patched by now. It's interesting that most notorious people use iPhones; there are documented cases of many a criminal who has been apprehended by being tracked via either their iPhone or iCloud. Just putting that out there.
Also, what is a Vakarashi? Yes, I live in a cave, under a rock.
449152-68
Yooor
Could be misinformation but hear me out…
Lately I noticed WhatsApp desktop will allow me to receive an OTP to my WhatsApp number as opposed to scanning the QR code.
What stops State Security from pressurising Mobile Operators to give them access to said numbers?
For educational purposes, I’d go so far as to claim a simple Social Engineering practice usually encountered in the finance world…
OTP bots…
The Zim govt is so obsessed and scared of anything, to the extent they’ll really want to spy on every phone in the country. To be startled by a sudden noise means you have something to hide.
One day I entered a print shop intending to get a file printed from my phone. Instead of using a USB cable, they insisted that the file was to be printed from WhatsApp.
After making the sending process I noticed that my chats were on their desktop screen. So this assertion that state security can access WhatsApp chats is not disinformation.
You literally gave them access
Maybe in group chats not private chats
If you are a person of interest to the govt and they really and I mean really want to know who you are talking to then they will use Pegasus to hack you.
But for the general public you are OK…and the govt won’t bother hacking you because the sellout in that group chat where you posted things that might upset the govt will report you.
But even then you're still mostly safe unless you’re unlucky.
It's very possible, I know for a fact.
5
Techzim, your post is lost. Remember the Zim government installed Huawei lawful interception gateways under a USD 11m project with all ISPs/IAPs at gateway points except Liquid/ZOL (failure reasons held by me). All the magic is happening there with lawful interception gateways. If you are on the Liquid/ZOL network then you are safe.
The messages are still encrypted on device so intercepting them in transit won’t work because all you’ll see is gibberish.
On the topic of interception before encryption, interest groups in EU, aka the politicians, are trying to bring Apple’s client side scanning back for everyone by calling it Upload Moderation. They should stay on brand and just call it 5 eyes or something. It’s ridiculous how they are slowly adopting Chinese policies by dressing them up in nice sounding words. It’s ironic, but at this rate, within our borders, Africa might be the last place on earth to retain some digital privacy, only by virtue of being too poor to force this nonsense directly
It is easy for state actors: step 1, contact the phone carrier and tell/force them to make a duplicate SIM card. Step 2, access the WhatsApp account.
This is so unfair
Hi everybody, I am from Zimbabwe.
I am 17 years old.
I am a hacker.
I can teach you how to hack anyone's WhatsApp account using kalinux, it’s so simple.
I did learn hacking myself from the age of 11 and as of now I have hacked 6 organisations including some online platforms such as WhatsApp, Facebook and Instagram.
And for the past 3 weeks I have been working on how to hack someone's innbucks account and I have managed to do it.
I do practice hacking with my own accounts.
By the that I have seen so many weaknesses of innbucks security measures.
If you want to know more about hacking dm on +263 785 701 529
Stop it Welly
Maone
Haaa thats not fair
Rubbish
I think it’s possible. How else do we hear govts hack into our WhatsApp messages and are sometimes provided as evidence in courts of law. Personally I have not been privy to such… But I hear so.
1. 3FA
2. Don’t use mod versions of WhatsApp
Early this year Ghana banned all civil servants from using modified app versions as one of them had a backdoor for the bad boys to piggy back in on.
So avoid these GB Yo etc and if I wanted to whack into people’s accounts I would promote a mod apk with a Trojan horse. That’s how I would do it because hackers know that the average person wants more , free , extra ….. while loading rogue code.
Outrageous claims require outrageous evidence. If these guys claim they can do so, they should just prove it. What I believe they can do as far as hacking WhatsApp is concerned is to intercept the verification code used when installing WhatsApp. Then through social engineering they can acquire information from people you talk to.
Encryption is not true….
Otherwise terrorists would have a fieldday…
47
They don't even need to hack your WhatsApp considering how you spill intel on platforms like Facebook, especially in the comments section. Between Jan and June, how many pages were running shutdown campaigns 😂😂😂 Counter intel got that on a silver platter, and did it ever happen? In short, you are too open, so why hack when it is always in the public domain!
Airtime
15 dollar
WhatsApp can be hacked. I have a Huawei phone that makes international calls on its own when the screen is locked. Secondly, after that, when I am using the phone it will freeze and the screen locks on its own; after some time I will see a notification saying you have been logged out of WhatsApp. But if I use another number to send a WhatsApp message to that number, that logged-out number will be online. If I send a message, the message will be blue-ticked. But if I try to register that same number, WhatsApp will say I have been banned. On that phone, if I register WhatsApp, within two hours I will be logged out.
That sounds more interesting and well covered
I’m trying to activate my WhatsApp but it’s saying you need the official app to log in. What could be the problem and how do I solve it?