Real product or marketing operation?
The Israeli surveillance firm Wintego is offering for sale a system that is able to hack WhatsApp's encrypted communications on mobile devices in close proximity to a Wi-Fi hacking device hidden in a backpack. The system intercepts the traffic between the app and the WhatsApp server with a “man-in-the-middle” (MITM) attack.
Wintego was founded by alumni of Verint, another Israeli firm, but one that’s become a dominant force in the surveillance sphere, most notably as a provider for America’s National Security Agency (NSA).
The CatchApp feature can be delivered from Wintego’s WINT Cyber Data Extractor that fits into a backpack.
The news was reported by Forbes, which obtained and published brochures for the system, called CatchApp:
The CatchApp feature can be delivered from Wintego’s WINT product, a hacking device that fits snugly into a backpack, according to the documents. Other brochures handed to FORBES claimed the WINT “data extraction solution” can obtain “the entire contents of your targets’ email accounts, chat sessions, social network profiles, detailed contact lists, year-by-year calendars, files, photos, web browsing activity, and more.” It does that by acquiring login credentials for distinct accounts and then silently downloading “all the data stored therein”.
WINT’s Cyber Data Extractor can overcome “the encryption and security measures of many web accounts and apps” to grab those credentials, Wintego claimed. Where there are no credentials required — with chat apps like WhatsApp and, presumably, Facebook Messenger, Google Allo, Telegram, etc. — the Extractor can pilfer “secured data right from the apps.”
Wintego claims WINT first gains access to a device by intercepting Wi-Fi communications, whether they’re open or private encrypted networks. WINT uses four separate Wi-Fi access points so it can track multiple targets and high-gain antennas to catch those at a distance. It’s small enough to fit into any backpack, said Wintego, so is ideal for stealthy operations.
Security experts aren’t convinced Wintego’s kit is as powerful as advertised
I suspect they’re taking advantage of a number of vulnerabilities in SSL implementations… many systems are susceptible to downgrade attacks and other types of MITMs.
They would have to defeat both the encryption to and from the server and the end-to-end Signal encryption. That does not seem feasible at all, even with a Wi-Fi access point.
I would bet mundanely the password stuff is just plain phishing. You go to some site, it asks for your Google account, you type it in without looking closely at the address bar.
But the WhatsApp stuff manifestly should not be vulnerable like that. Interesting.