tech2 News Staff Nov 08, 2018 16:05 PM IST
Dutch police claim to have broken encryption in IronChat, a formerly secure, encrypted chat service that was apparently endorsed by NSA whistle-blower Edward Snowden.
IronChat runs on IronPhones — Android phones running a custom, secure OS — and requires a subscription. This can cost thousands of dollars per account. The service is apparently very popular with criminals, who clearly love the idea of communicating via channels that the cops have no access to.
According to a statement released by Dutch police, however, they have managed to break IronChat’s encryption and snoop in on hundreds of thousands of conversations involving hundreds of criminals involved in some sort of money-laundering scheme. It turns out that the owner of the service, and his partner, were involved in the scheme. They have since been arrested.
IronChat routes data via a central server and encrypts it. Police were able to pinpoint the location of the server, which somehow allowed them to intercept over 258,000 messages sent via the service. Simply being aware of the location of a server does not help break encryption, and the police haven’t revealed how they broke it.
Police were tipped off when they found a man selling these “cryptophones” to criminals.
Dutch police claim that breaking the encryption allowed them to make several drug busts, including one involving MDMA and cocaine as well as automatic weapons and €90,000 in cash.
The criminals involved believed the service to be secure and started suspecting each other of leaking information. When the threat to life started escalating, Dutch police decided that it was time to reveal their hand. The service has since been shut down and the servers taken offline by police.
In an interview with Dutch website Telegraaf, a security expert speculates that there was some inherent flaw in the way encryption was implemented in IronChat. If end-to-end encryption is properly implemented, it will be impossible for anyone, even the owners of the service, to decrypt the messages.