John McAfee Pulls Lame Attempt At Tricking WhatsApp Into Thinking He Hacked The Service
WhatsApp is an interesting target because it recently announced the addition of end-to-end encryption. It's also the most used messaging application in the world with over a billion users, so if there's a flaw in Android, the most popular mobile OS on the planet, that compromises the security and privacy of WhatsApp, then it's a big deal. But according to Gizmodo, all McAfee did was pre-install keyloggers onto a pair of smartphones that he wanted media outlets to use to verify his claim.
McAfee's grand plan was to send any major media outlet that would listen two Samsung phones in sealed boxes, presumably to give off the impression that they were new and hadn't been tampered with. Experts working for McAfee would then unbox the phones in front of the reporters and send messages to one another through WhatsApp, all while McAfee reads the encrypted messages from a remote location via Skype.
Research firm Cybersecurity Ventures ran with the story using a sensational headline, but also notes that traces of malware were found on the phones, including "a keyboarding recording vulnerability." McAfee and his team didn't hack WhatsApp or do anything notable, really—they simply installed a keylogger and spun it to reporters that WhatsApp's end-to-end encryption had been compromised.
Moxie Marlinspike, the person who developed WhatsApp's encryption, said McAfee "reluctantly" admitted as much in a phone interview and said the media outlets he contacted turned him down after he told them how the supposed hack worked.
This isn't the first time McAfee's been involved with dubious hacking claims. When the FBI was locked in a legal battle with Apple over a locked iPhone that belonged to Syed Farook, one of the San Bernardino shooters, McAfee claimed he and his team could hack the handset with ease. He then later revealed it was lie to generate a "sh*tload of public attention."