Skip to content
Subscriber Only
Leonid Bershidsky

End-to-End Encryption Isn’t as Safe as You Think

The WhatsApp hack shows how supposedly secure messaging apps have a basic vulnerability.

Keeping your messages private requires old-school spycraft.

Keeping your messages private requires old-school spycraft.

Photographer: Jack English/Focus Features
Updated on

The discovery that hackers could snoop on WhatsApp should alert users of supposedly secure messaging apps to an uncomfortable truth: “End-to-end encryption” sounds nice — but if anyone can get into your phone’s operating system, they will be able to read your messages without having to decrypt them.

According to a report in the Financial Times on Tuesday, the spyware that exploited the vulnerability was Pegasus, made by the Israeli company NSO. The malware could access a phone’s camera and microphone, open messages, capture what appears on a user’s screen, and log keystrokes — rendering encryption pointless. It works on all operating systems, including Apple’s iOS, Google’s Android, and Microsoft’s rarely used mobile version of Windows.