Latest in Gear

Image credit:

John McAfee claims he can read encrypted messages on Android (updated)

He and his team reportedly took advantage of an Android flaw to read encrypted chats.
Jon Fingas, @jonfingas
May 15, 2016
Share
Tweet
Share

Sponsored Links

John McAfee is already many things -- entrepreneur, presidential hopeful, alleged criminal. However, you might have to add one more item to that list: the co-discoverer of a potentially major Android security flaw. He and a team in Colorado claim to have found a hole in Google's mobile platform that lets them read encrypted WhatsApp messages (and those from other services, for that matter), rendering its privacy safeguards pointless. McAfee is saying precious little about how the intrusion works, but he supposedly gave Cybersecurity Ventures enough details to suggest that the story might hold up.

LIFARS, which conducted forensics here, believes that the trick didn't involve getting root access to the phone, and that there were hints of both keyboard recording and spyware vulnerabilities. This would target an everyday Android phone, then, not just one that's already compromised.

McAfee says he's sharing the flaw after talking to Google. We've asked Google itself if it can shed more light on the claims and outline its plans for a fix (assuming one is needed). If his team really did find a way around encryption, though, this could represent a serious problem. Simply speaking, you couldn't guarantee that a chat was private unless you knew that everyone was running a safe operating system.

Update: You know what they say about stories sounding too good (or in this case, too interesting) to be true? Yeah, that may well be true. Gizmodo's own sources maintain that McAfee was trying to perpetrate a hoax. Reportedly, he wanted to send reporters phones "pre-cooked" with keylogger malware to convince them that he'd cracked WhatsApp. He supposedly changed his story to focus on an Android vulnerability when reporters weren't sure about their ability to verify the details.

McAfee isn't having Gizmodo's take on things (his response is colorful, to put it mildly) and swears that how the malware reached the phones "is the story." Still, we'd take his protestations with a big grain of salt unless Google can attest to having spoken to him.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Some of Ubisoft's PS4 games won't run on PS5

Some of Ubisoft's PS4 games won't run on PS5

View
RISC-V is trying to launch an open-hardware revolution

RISC-V is trying to launch an open-hardware revolution

View
Chevy will start selling EV retrofit kits in 2021

Chevy will start selling EV retrofit kits in 2021

View
Ford reveals how much its Active Driver Assist option will cost

Ford reveals how much its Active Driver Assist option will cost

View
Scientists found an Earth-sized ‘rogue’ planet in the Milky Way

Scientists found an Earth-sized ‘rogue’ planet in the Milky Way

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr