Police decrypt 258,000 messages after breaking pricey IronChat crypto app

Found on Ars Technica on Wednesday, 07 November 2018

Tuesday’s statement didn’t say how investigators were able to decrypt the IronChat communications. While police said they were able to discover the server used to send the encrypted messages and eventually take it offline, that alone shouldn’t be enough to read communications that are truly end-to-end encrypted.

An article published by Dutch public broadcaster NOS said a version of the IronChat app it investigated suffered a variety of potentially serious weaknesses. Key among them: warning messages that notified users when their contacts’ encryption keys had changed were easy to overlook because they were provided in a font much smaller than the rest of the conversation.

Probably someone without any clue came up with the great idea to outsource the development of a so-called secure app to a $5 developer. If a security product has not gone through a full audit, it cannot be considered secure or reliable.