According to a media report, the Federal Criminal Police Office (BKA) uses a simple method to read encrypted WhatsApp communication.
The investigators apparently used the opportunity to link the app with the web browser on a computer, the stations WDR and BR reported on Tuesday. With the function, all content of the chat service is mirrored in a browser window.
However, the chat service belonging to Facebook built a hurdle for such a link. To connect WhatsApp to a browser or the desktop version of the app, a user must scan a QR code on the computer screen using the WhatsApp application on the smartphone. So that presupposes that the phone is unlocked. A user can also set up facial recognition protection to open WhatsApp.
On request, the BKA initially did not comment on the report on Tuesday. WDR and BR informed the authority that it was providing “in principle no detailed public information on technical or operational investigative skills (…) in the area of information technology monitoring, for example”.
It remained unclear in the report whether the BKA used vulnerabilities on the target computers’ computers to read – or instead linked the app to its own PCs. With the latter approach, however, another computer would appear in the list of registered devices in the app and could easily be discovered there by the target person.
WDR and BR reported that evidence of the surveillance procedure had been provided by documents from the preliminary investigation by the Attorney General against the terrorist suspect Magomed-Ali C., a Caucasian Islamist and friend of the Breitscheidplatz assassin Anis Amri. They cited an internal BKA letter:
“The BKA has a method that can enable text, video, image and short voice messages to be reproduced from a WhatsApp account in real time”
At the same time, referring to security circles, it was said that the BKA has so far hardly used the WhatsApp monitoring method. The reasoning says that it can only be implemented with a comparable amount of effort and is therefore not practical for many investigative proceedings.
Communication content at WhatsApp and various other chat services such as Apple’s iMessage are protected with so-called end-to-end encryption and are therefore only accessible to the users themselves in plain text. The providers also have no access to it – and accordingly cannot issue any content at the request of the investigative authorities.
In the USA and Great Britain in particular, there are always calls for encryption back doors, which providers reject as an incalculable risk to data security.
- whatsapp_2: © rcfotostock- stock.adobe.com