Latest in Gear

Image credit: Shutterstock

John McAfee claims he can read encrypted messages on Android (updated)

He and his team reportedly took advantage of an Android flaw to read encrypted chats.
14 Shares
Share
Tweet
Share
Save

Sponsored Links

Shutterstock

John McAfee is already many things -- entrepreneur, presidential hopeful, alleged criminal. However, you might have to add one more item to that list: the co-discoverer of a potentially major Android security flaw. He and a team in Colorado claim to have found a hole in Google's mobile platform that lets them read encrypted WhatsApp messages (and those from other services, for that matter), rendering its privacy safeguards pointless. McAfee is saying precious little about how the intrusion works, but he supposedly gave Cybersecurity Ventures enough details to suggest that the story might hold up.

LIFARS, which conducted forensics here, believes that the trick didn't involve getting root access to the phone, and that there were hints of both keyboard recording and spyware vulnerabilities. This would target an everyday Android phone, then, not just one that's already compromised.

McAfee says he's sharing the flaw after talking to Google. We've asked Google itself if it can shed more light on the claims and outline its plans for a fix (assuming one is needed). If his team really did find a way around encryption, though, this could represent a serious problem. Simply speaking, you couldn't guarantee that a chat was private unless you knew that everyone was running a safe operating system.

Update: You know what they say about stories sounding too good (or in this case, too interesting) to be true? Yeah, that may well be true. Gizmodo's own sources maintain that McAfee was trying to perpetrate a hoax. Reportedly, he wanted to send reporters phones "pre-cooked" with keylogger malware to convince them that he'd cracked WhatsApp. He supposedly changed his story to focus on an Android vulnerability when reporters weren't sure about their ability to verify the details.

McAfee isn't having Gizmodo's take on things (his response is colorful, to put it mildly) and swears that how the malware reached the phones "is the story." Still, we'd take his protestations with a big grain of salt unless Google can attest to having spoken to him.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
14 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Hyundai teases all-electric concept '45' for Frankfurt

Hyundai teases all-electric concept '45' for Frankfurt

View
iPhone Pro, new iPad and 16-inch MacBook Pro details emerge

iPhone Pro, new iPad and 16-inch MacBook Pro details emerge

View
Russia tests new Soyuz rocket by sending a humanoid robot to the ISS

Russia tests new Soyuz rocket by sending a humanoid robot to the ISS

View
Android Q is now simply Android 10

Android Q is now simply Android 10

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr