CatchApp tool can siphon encryption WhatsApp messages from a distance

WhatsApp
Erstveröffentlicht: 
30.09.2016

Israeli company claims it has developed CatchApp tool which can siphon encrypted WhatsApp data from a distance

 

You may have seen in many Hollywood movies in which the main protagonist, an agent from the CIA or FBI placing his/her mobile besides the victim’s smartphone and copying data from it. Up to now, siphoning data from any smartphone just by being in its proximity was considered fiction but now an Israeli cyber surveillance company claims it has developed a sophisticated tool called CatchApp which can siphon off all WhatsApp chats, including encrypted communications, from phones within close proximity of a hidden Wi-Fi hacking device in a backpack.

 

Haifa-based Wintego has released brochures for its CatchApp tool which it calls as a WhatsApp interceptor.

 

Wintego promises that the Catchall App has an “unprecedented capability” to break through WhatsApp encryption and grab full data from a target’s account. It does so through a “man-in-the-middle” (MITM) attack; in theory, the traffic is intercepted between the app and the WhatsApp server and somehow the encryption is decoded by the device, though that may not be possible with the latest upgrades to the software’s cryptography.

 

The company did not elaborate on how its CatchApp tool manages to decode/decrypt the WhatsApp encryption but Forbes has noted that the tool works on most versions of WhatsApp. The company has released the brochures of the App to advertise it to different police and law enforcement agencies around the globe.

 

The CatchApp tool is a part of larger Wintego arsenal called WINT. According to the company, WINT hacking tool can fit into backpack. The company calls WINT a “data extraction solution” and says that it can can obtain “the entire contents of your targets’ email accounts, chat sessions, social network profiles, detailed contact lists, year-by-year calendars, files, photos, web browsing activity, and more” just by being near the victim’s PC/laptop/smartphone. It does that by acquiring login credentials for distinct accounts and then silently downloads “all the data stored therein”.

 

Wintego claims WINT first gains access to a device by intercepting Wi-Fi communications, whether they’re open or private encrypted networks. WINT uses four separate Wi-Fi access points so it can track multiple targets and high-gain antennas to catch those at a distance. It’s small enough to fit into any backpack, said Wintego, so is ideal for stealthy operations.

 

The details about Wintego dealings are top secret but reports indicate that it was founded by alumni of Verint, another Israeli firm. Verint itself was the top cyber surveillance tools supplier for America’s National Security Agency (NSA). According to Forbes, Yuval Luria acts as the face of the company, promoting the kit at major surveillance shows. He recently presented at the ISS World Training event in Prague (also known as the Wiretappers’ Ball), giving a talk on A Hybrid Tactical-Strategic Approach for Extracting Cyber Intelligence. Nhevo Kaufman appears to act as company chief, having set up the firm’s website back in 2011.

 

Both the above tools are for sale only to police, law enforcement and spy firms but it is nowhere stated that the same can’t be bought by rogue actors.