In the hours since the documents were made available by WikiLeaks, a misconception was developed, making people believe the CIA “cracked” the encryption used by popular secure messaging software including Signal and WhatsApp.
WikiLeaks asserted that:
“These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloakman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.”
This statement by WikiLeaks made most people think that the encryption used by end-to-end encrypted messaging clients such as Signal and WhatsApp has been broken.
No, it hasn’t.
Instead, the CIA has tools to gain access to entire phones, which would of course “bypass” encrypted messaging apps because it fails all other security systems virtually on the phone, granting total remote access to the agency.
The WikiLeaks documents do not show any attack particular against Signal or WhatsApp, but rather the agency hijacks the entire phone and listens in before the applications encrypt and transmit information.
It’s like you are sitting in a train next to the target and reading his 2-way text conversation on his phone or laptop while he’s still typing, this doesn’t mean that the security of the app the target is using has any issue.
In that case, it also doesn’t matter if the messages were encrypted in transit if you are already watching everything that happens on the device before any security measure comes into play.