• 000999@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      The investigation accelerated in early 2019 after receiving EU funding.[2] At the end of January 2020, a judge in Lille, France, authorized the infiltration of the EncroChat servers.[23] Intelligence and technical collaboration between the NCA, the National Gendarmerie and Dutch police culminated in gaining access to messages after the National Gendarmerie put a “technical tool” on EncroChat’s servers in France.[20][22][1] The malware allowed them to read messages before they were sent and record lock screen passwords. Messages could be read by law enforcement beginning in April.[12] EncroChat estimated that around 50 percent of devices in Europe were affected in June 2020.[1][17]

      • Goku@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        OK thank you.

        This is why we need to use a decentralized, end-to-end encrypted messaging service.

        The gubment can not be trusted to keep their hands out of the cookie jar.

      • Aceticon@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        1 year ago

        There are ways:

        • The encryption protocol might have a weakness
        • One or both of the devices might be compromised
        • The actual application design might have a weakness
        • The actual application might be conpromised (i.e. on purpose rather than an unknown design flaw)
        • The mechanism for generating the actual keys might have a weakeness (for example, for a while the symetrical key generation for HTTPS in the Mozilla browser was a lot less random than it was supposed to be so those connections were a lot easier to crack)
        • The mechanism for distributing the keys might have a weakness

        Ultimatelly the one trully safe encryption mechanism is the One Time Pad, and that requires a key as long as the message (hence why seldom used) distributed in a safe way (for starters, never over a public network) and there’s still the whole “compromised device” and “compromise application” risks (though implementing the One Time Pad protocol is stupidly simple)