We can always hazard a guess as to why most disinformation campaigns are run.
There is usually a clear end-goal that anyone willing to take a second to analyse will see. Some actors are spreading disinformation that Zimbabwe State Security can now hack WhatsApp, armed with just a phone number. Is it disinformation though?
The above sounds like quite the claim to many who are used to seeing the following on WhatsApp, “Messages and calls are end-to-end encrypted. No one outside this chat , not even WhatsApp can read or listen to them.”
That sounds ironclad, Zimbabwe State Security is included in the ‘no one outside this chat’ section and so they should not be able to read or listen to your WhatsApp correspondence.
Let’s break down how the end-to-end encryption works.
How WhatsApp end-to-end encryption works
Message Encryption: When you send a message, it’s turned into a code that only the receiver’s phone can unlock.
Message Decryption: When the receiver gets the message, their phone turns the code back into the original message.
WhatsApp’s Role: WhatsApp only acts as a messenger, carrying the message. They cannot see the contents. The encryption keys needed to decode the messages are stored only on users’ devices, not on WhatsApp’s servers.
WhatsApp uses what’s called the Signal Protocol for encryption and security guys say it’s as good as it gets.
It would be incredibly difficult for anyone, even WhatsApp itself or Zimbabwe State Security, to break this encryption and read your messages. It requires too much in resources and expertise to pull off.
In fact, there is no record of any entity ever breaking WhatsApp’s encryption.
So, we are golden, right? We need not pay any mind to the disinformation campaign? Well…
Other ways to hack
While no one has been ale to break the encryption itself, some actors have been able to access people’s messages without consent. How is that possible if the encryption cannot be broken?
In 2019, the Pegasus spyware developed by the NSO Group exploited a vulnerability in WhatsApp, allowing attackers to install spyware on phones via missed calls. This did not break the encryption itself but took control of the device.
So, if phones are hacked or malware is installed to intercept messages before they are encrypted, WhatsApp’s encryption won’t save you.
Targeting specific individuals by infecting their phones with spyware to capture messages before they are encrypted or after they are decrypted is how Pegasus did it.
You need more than just a phone number to pull this off. Although there is a lot that state security could do with just a phone number.
So, if the claim that Zimbabwe State Security can now hack WhatsApp messages with just a phone number is interpreted to mean they now have sophisticated ways to infect targeted devices with malware then I guess we can say it’s possible.
Do remember that Pegasus was an Israeli spyware and the Zim government does have good relations with the Israelis. So, it’s not that crazy to think they would have acquired something like this.
Government requests
The government could legally compel Meta to hand over user data. However, WhatsApp protects itself from such requests by ensuring there is end-to-end encryption which ensures they could not comply, even if they wanted to.
However, they might still give metadata (information about who messaged whom and when) if compelled.
Real threat or nah?
Likelihood of Zimbabwe State Security hacking your WhatsApp:
Direct Hacking: Hacking into the actual encryption is extremely difficult and highly unlikely because of the strong encryption used.
Alternative Methods: They might try to hack individual phones to access messages directly from the device, as seen with Pegasus. It’s possible but you’ll have to decide the probability. Do this knowing that if you’re targeted thus, there is little you can do about it.
Legal Pressure: They might also legally pressure Meta to include backdoors in their systems, but as of now, Meta has resisted such demands from more powerful governments, so I doubt little old Zimbabwe would succeed. Alternatively, they could compel Meta for metadata and that tells them who is talking to whom, which is valuable information in their line of business.
In the end, this might just be a campaign to instil fear in the populace that Big Brother is watching.
In WhatsApp, people have found a secure tool that they feel free to say whatever they want to say, or organise whatever they want to organise. It is in the government’s interests to dispel you of that notion.
>>>TECHZIM