The adoption of a controversial new anti-terrorism measure called Yarovaya Law in Russia has led to security companies in the country being given the green light to hack a number of popular messaging services, including Skype, Facebook Messenger and WhatsApp.
The Russian newspaper Kommersant has reported that the security firm Con Certeza has developed a number of tools which allow it crack encrypted communications. The company often works closely with the country's law enforcement agencies and its tools will not only be utilised to decrypt internet traffic but will also be used to deploy man-in-the-middle attacks.
In Russia, all communication companies are required to retain information regarding the data of their users for three years. They must also supply law enforcement with the necessary decryption keys when prompted to. Russia's Federal Security Service, the modern successor to the KGB, has also reported been working on developing a system that will be able to decode all of the internet traffic that passes through the country in real time. The system will be searchable using keywords.
The creation of such a system was a direct reaction by the country's government to the news that the Israeli security company Wintego had created an application called CatchApp that is capable of breaking WhatsApp's encryption. Little is known about the application at this time, however it seems as though it operates by using a man-in-the-middle style attack to intercept traffic sent between WhatsApp's servers and the device being targeted. Wintego is claiming that CatchApp is compatible with the latest version of the messaging app though it has not revealed whether or not it has cracked WhatsApp's recent cryptographic upgrades.
Russia's decision to intercept and decrypt all of the traffic that passes through the country could lead others to follow suit which could be quite detrimental for WhatsApp, Telegram and the users of these and other encrypted messaging services.
Image Credit: Aleksei Golovanov / Shutterstock