
An engineer claims to be able to hack whatsapp? - csmd
http://www.emol.com/noticias/Tecnologia/2018/02/06/894139/Antorcha-el-software-usado-en-la-Operacion-Huracan-Puede-funcionar-como-dice-su-autor.html
======
tristanj
This is not a whatsapp hack. I cannot read spanish, but it sounds like this
'whatsapp exploit' involves downloading Android malware that installs a 3rd
party keyboard that acts as a keylogger. The keylogger is used to record
whatever is typed into the phone, including Whatsapp. Claiming this is a
'whatsapp' hack is clickbait.

This situation reminds me of another clickbait whatsapp 'hack' where a
researcher claimed he could extract plaintext of encrypted whatsapp messages
... By rooting the device and dumping the whatsapp application memory.

------
kbenson
Any English language articles on this, or background on why someone is
describing to the court how they can hack whatsapp (auto translation got me a
little ways)?

Searching is only finding Spanish language sources for info (and football
info).

~~~
jiinawa
I'll try to explain what's going on:

\- Chilean police forces created a special unit in 2017 to investigate a
series of violent attacks ocurring in the south of the country. The usual
suspects of these attacks are Mapuche people (one of the native peoples of
Chile) who protest to recover land that was taken from them by the State about
two hundred years ago.

\- In September 2017, this special unit reported they had identified the
people organizing these attacks, and said they had Whatsapp messages as
evidence of the coordination and plans they made to attack different targets.
This lead to the arrest of several people supposedly involved.

\- The judicial process starts after that, and in january 2018 one of the
public prosecutors accuses the police of fabricating the Whatsapp messages
that were presented as evidence. The prosecutor's office found inconsistencies
in what the police said (for example, of all the phones that were seized, only
one had whatsapp installed; and some files were added to one of the other
phones after the date it was confiscated).

\- This of course led to a giant scandal. The original investigation was
closed and a new one started to find out if the police did fabricate the
evidence

\- According to the police they hacked Whatsapp to capture the messages using
a software called "Antorcha", developed by an engineer (more like an
agronomist actually) who works as a school teacher.

\- In statements published yesterday, the "hacker" kind of explains they sent
malware to the suspects via e-mail. According to the guy, "they were
promotional emails and receiving the email in the inbox was enough to infect
the device" with this malware. The malware is supposed to be a keylogger with
which they captured what was typed on the phone

\- The problem with that is that the police also had images supposedly sent
over whatsapp as evidence too. There's not much explanation given for this,
the "hacker" says the software "evolved" to somehow capture the images that
were sent over messaging applications in later versions

That is basically the situation now, people highly doubt the police's story
right now

~~~
kbenson
Interesting, and thanks!

> The problem with that is that the police also had images supposedly sent
> over whatsapp as evidence too. There's not much explanation given for this,
> the "hacker" says the software "evolved" to somehow capture the images that
> were sent over messaging applications in later versions

Hmm, in English "evolved" is applied to devices or operations often to mean
something different than the actual meaning or the word. Instead it often
means the much less nuanced "changed over time". I have no idea if this usage
is idiomatic in Spanish, or in the dialect of it Spoken in Chile (or if it's
not if it's common for English exposure to cause things like this). As someone
that can understand the source and might have more insight into the language
and culture, what do you think was the meant inference?

I understand it's supposed to be a keylogger, so images don't make much sense,
but I'm also wondering if it was reported oddly and it was actually a
keylogger to get credentials which were then used on other phones to access
accounts using alternate installs of apps. That's a stretch, but I'm going of
your translation of a newspaper piece which I wouldn't have trusted to get
interesting details right in the first place, so... <shrug>

~~~
jiinawa
What we have now is only what this dude says, no independent expert has looked
at the malware yet.

He used the word "evolve", as if the keylogger changed on its own, but he
means he made improved versions of it over time.

The issue here though is that there's a chance they never captured any
whatsapp conversations at all and made the whole thing up to incriminate a
group of people.

