> Not only did Sky ECC provide end-to-end encryption, like Whatsapp or Signal, but unlike those free apps, it also redirected the data on its own secure network.

So how the messages were intercepted if e2e encryption is used?

▲

garrettjoecox 8 months ago | parent | next [-]

I’ve seen it before—a SaaS claiming to offer end-to-end encryption simply because it uses HTTPS/SSL for communication between the client and server. It’s laughable, but the lack of clear regulations or standards defining E2E encryption lets them get away with treating the client and server as the “ends.”

Not sure if that’s what happened here but it wouldn’t surprise me.

	▲	avodonosov 8 months ago \| parent [-]
		I understand that's one of possibilities. But what actually happened in this case?

▲

dist-epoch 8 months ago | parent | prev [-]

Backdoor the app itself and add an extra key?

▲

avodonosov 8 months ago | parent [-]

That's one of possibilities. But what actually happened in this case?

	▲	avodonosov 8 months ago \| parent [-]
		A friend told me that: The exact approach used to break the encryption of Sky ECC phones is not fully detailed in the sources I found. However, there are some insights into the methods used: 1. One source mentions that law enforcement agencies used cloned devices running a fake phishing application designed to impersonate the Sky ECC app https://www.bleepingcomputer.com/news/security/europol-unloc.... This allowed them to intercept messages as they were being sent and received. 2. Another report indicates that unauthorized devices with modified security features were sold through unauthorized channels, which likely played a role in the interception https://www.vice.com/en/article/sky-ecc-decrypted-hacked-pol.... These methods suggest that the encryption itself wasn't directly broken, but rather the security of the devices and the integrity of the app were compromised.