That WhatsApp hack
The WhatsApp hack shouldn't really come as a surprise, and it won't to anyone who's been on our training courses. As we explain on them, there's a thriving industry in finding ways to compromise smartphones without any user interaction. That shouldn't worry most people because this type of vulnerability is too valuable for large-scale use. And although WhatsApp uses the same encryption protocol as the Signal messaging app, the latest vulnerability was in its voice component which isn't shared with Signal. There's been some horribly loose reporting about this story, with Bloomberg for one tweeting that the "hack shows end-to-end encryption is largely pointless." Bloomberg's article makes clear that end-to-end encryption isn't a magic bullet; clearly, if someone has access to your smartphone they can see everything on it, including your messages. But that doesn't mean the protection it provides is pointless. In general, we believe Signal is a better option than WhatsApp, but if you are a high-risk target then you should seek specialist advice because off-the-shelf solutions can only ever offer limited security.