Circumventing encrypted messages

This article got me thinking about encrypted chat:

Europol said that French police had discovered some of EncroChat’s servers were located in the country, and that it was possible to put a “technical device” in place to access the messages.

Wonder what this ‘technical device’ was/did - any ideas?


Never heard of EncroChat, so let’s see what google says…

Hmm, so it claimed E2E however it was never audited and they didn’t use one of the well known good E2E styles, in addition they sold phones without secure enclave chips nor was any of that audited as well, so yeah I don’t see how it is trustworthy for such communications.

There’s so many ways that such systems can be weakened so it’s not surprising.


I’d guess that you’re only as secure as the weakest device in the chain - if somebody has hacked your (or your recipient’s) device they only need access to your mic, keyboard and display and they essentially have access to all conversations :upside_down_face:

1 Like

They put a “technical device” on some servers to be able to access the messages. Assuming it really was end-to-end encryption they must either have had access to the keys (through a cracked device?) so that they could decrypt the messages or the crypto implementation had some sort of weakness they could exploit such as being open to padding oracle or timing attacks or mitm attacks.

Unfortunately I doubt they will release any details about how they cracked it. It would be interesting to know for sure.


It could have been an inside job or actually created by the govt/s to begin with :laughing:

1 Like

That passed through my mind, lol.


They’re the only two things I can think of if the encryption/service was ‘legit’ - made by the govt or a device that hacked all of its user’s phones :laughing:

1 Like