|
|
|
|
|
|
by rainforest
2171 days ago
|
|
|
I think the only way to do so would be to deny themselves the ability to push software to customers (speculating that this is how it was attacked), which itself is an attack vector. It basically seems impossible to do securely if you can't trust the software on the phone, short of providing a separate device that decrypts and encrypts messages and shows them, but any software that device runs would be the attack surface. That said, it's probably far more likely the crypto was done incorrectly from the off (and probable that other services have the same flaws) but the authorities needed a cheaper vulnerability to burn in public so as not to disrupt other investigations that are no doubt ongoing. |
|
|