Author Leonid Bershidsky wrote that the finding that hackers could snoop on WhatsApp "should alert users of supposedly secure messaging apps to an uncomfortable truth: 'End-to-end encryption' sounds nice – but if anyone can get into your phone’s operating system, they will be able to read your messages without having to decrypt them".
He added: "End-to-end encryption' is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security."
Bloomberg article show Bloomberg is largely pointless https://t.co/vXsv5tOGwT— Costin Raiu (@craiu) May 14, 2019
His arguments were panned widely. Former NSA hacker Jake Williams told iTWire: "Bloomberg's contributor arguing that end-to-end encryption is ineffective overall is a bad take. Just because one vulnerability was found in an application doesn't say anything about the security of the encryption.
Bloomberg have become the Daily Mail of infosec. https://t.co/UvdpKzgaLt— Vess (@VessOnSecurity) May 14, 2019
The Financial Times reported that the spyware that could exploit WhatsApp in this manner was made by the NSO Group, a Israeli firm. The company has been in the news a number of times for supplying its software to governments for spying on activists and journalists among others.
Williams, who runs his own security firm, Rendition Infosec, added: "These are completely different areas of application security. It's like saying that you police officers shouldn't wear bulletproof vests because a criminal could still hit them in the legs with a baseball bat."
I think we all know by now that when Bloomberg goes all in, they go all in... https://t.co/B8MG353JQU— Jake Williams (@MalwareJake) May 15, 2019
Matt Blaze, a professor of Computer and Information Science at the University of Pennsylvania and a researcher in the areas of secure systems, cryptography, and trust management, said in a sarcastic tweet: "End-to-end encryption does nothing to protect against attacks on your endpoint, true. And seatbelts and airbags do nothing to prevent your car from being hit by a meteorite."
Well-known cryptography researcher Kenn White was even more severe. "Wow, Bloomberg business weighing in with the actively dangerous hot take on WhatsApp. Spoiler: No, end-to-end encryption is not 'pointless' you fetid baboons," he tweeted.
End to end encryption does nothing to protect against attacks on your endpoint, true. And seatbelts and airbags do nothing to prevent your car from being hit by a meteorite.— matt blaze (@mattblaze) May 14, 2019
Bloomberg has earned the ire of many in the tech community over the last year or so. In October last year, the news agency claimed that China had infiltrated the technology supply chain by implanting a small chip on the server mainboards used by a company in the US, Supermicro Computer. To date, there has been no evidence produced to back up these claims.
Wow, Bloomberg business weighing in with the actively dangerous hot take on WhatsApp. Spoiler: No, end-to-end encryption is not "pointless" you fetid baboons.— Kenn White (@kennwhite) May 14, 2019
Soon after that, Bloomberg ran a story that claimed a "major US telecommunications company" that allegedly encountered doctored hardware made by the US company Supermicro Computer. Again, there was no evidence to back up this story.
This message brought to you by intelligence services everywhere... https://t.co/RAa45nfz0j— Jake Williams (@MalwareJake) May 14, 2019
And more recently, Bloomberg reported this month that Vodafone had found what it called "hidden backdoors" in software that "could have given [Chinese telecommunications equipment vendor] Huawei unauthorised access to the carrier’s (Vodafone's) fixed-line network in Italy".
Vodafone denied the claim, telling iTWire that the so-called backdoor that Bloomberg referred to was telnet, a protocol used for communication using a virtual terminal connection, adding that it was not exposed to the Internet.