Leonid Bershidsky, writing for Bloomberg because of course a horrible infosec article will be published by Bloomberg:
> The discovery that hackers could snoop on WhatsApp should alert users of supposedly secure messaging apps to an uncomfortable truth: “End-to-end encryption” sounds nice — but if anyone can get into your phone’s operating system, they will be able to read your messages without having to decrypt them.
In related news, your text messages are also less private if someone is looking at your screen over your shoulder.
> These are merely applications running on top of an operating system, and once a piece of malware gets into the latter it can control the device in a multitude of ways. With a keylogger, a hacker can see only one side of a conversation. Add the ability to capture a user’s screen, and they can see the full discussion regardless of what security precautions are built into the app you are using.
>
> “End-to-end encryption” is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security.
End-to-end encryption is not mere marketing; everyone knows this, and it’s a jackass move to suggest otherwise. Vulnerabilities that are able to gain system-wide access, like those used by NSO Group, are exceedingly rare. It is far more likely that data can be intercepted in transit. Encrypting anything as it travels across the world is not lip service or marketing — it’s good sense.
It’s foolish for Bershidsky to have written this terrible article, and it beggars belief that any editor who has the first inkling of knowledge about encryption or information security would choose to run it. Alas, this is Bloomberg.