Encrypted Messaging App Alleges that Compromised Version of the App were Sold
Following hundreds of arrests and investigations on users on the app, Sky ECC claims that the version used, was a sold by someone not affiliated with the company, and was compromised.
Police in the Netherlands and Belgium have removed an encrypted messaging app and arrested criminals after cracking the encryption used by the app, and gaining access to evidence of organised crime on the messaging app. The app is Sky ECC, and is so confident in its security, that it claims it is "the most secure messaging platform money can buy", not only do the company claim that "some call it un-hackable", but they also go as far as to offer a $5 million reward for anyone who is able to hack a device, "We’re so confident SKY ECC is unbeatable, we’ll give US$5,000,000 to anyone who can beat our device and encryption." they state on the application page. Unsurprisingly, it was reported that the app had became popular among criminals in the two years since its release, the app was available on most smart phones and apparently features a "panic button" that erases all of its content, in an 'emergency'.
De Standaard, a dutch news site reported that the app's encryption was successfully cracked by investigators at the end of 2020, which allowed authorities to sort through countless messages sent and received by criminals. The collected information was used to make arrests yesterday (9th march 2021), in Belgium 48 criminals were arrested by around 1,500 police members in coordinated raids. In the Netherlands, 30 arrests were made across 75 homes, The Record reported that more arrests were likely to come.
Sky ECC, the company thought to be responsible for the platform that was hacked by investigators, received notification of several articles published in Belgium and the Netherlands alleging that Belgian and/or Dutch authorities have cracked or hacked SKY ECC encrypted communication software, but the company has stated that after thorough investigation into their platforms, that all such allegations are false. "SKY ECC authorized distributors in Belgium and the Netherlands brought to our attention that a fake phishing application falsely branded as SKY ECC was illegally created, modified and side-loaded onto unsecure devices, and security features of authorized SKY ECC phones were eliminated in these bogus devices which were then sold through unauthorized channels," Sky told Motherboard in a statement, although these claims have not yet been verified.
"SKY ECC has not been contacted by any investigative authority. SKY ECC did not authorize or cooperate with the investigative authorities or those involved with the distribution of the fake phishing application. These actions are malicious and SKY ECC is actively investigating and pursuing legal action against the offending individuals for impersonation, false lights, trademark infringement, injurious falsehood, defamation, and fraud."
Sky is part of the turbulent encrypted phone industry, where companies like Sky sell customised phones often with the microphone or GPS functionality removed and an app installed for sending encrypted messages. The devices are traditionally expensive, costing thousands of dollars for an annual subscription, and are often distributed by resellers based in different countries.
Unless these statements are proven, its is likely users will migrate to another platform, it may also be likely that this will occur regardless, because of the new high profile the company has gained. Sky added that it "firmly denies any allegation that it is the 'platform of choice for criminals'." In the same statement, the company's CEO, Jean-François Eap, positioned the company as a legitimate firm; "The platform exists for the prevention of identity theft and hacking, the protection of personal privacy rights, and the secure operation of legitimate personal and business affairs. With the global rise of corporate espionage, cybercrime and malicious data breaches, privacy and protection of information is the foundation of the effective functioning for many industries including legal, public health, vaccine supply chains, manufacturers, celebrities and many more," he said.
Although this clarification has a large impact on the company and its reputation, as well as it being kept online, the arrests made are still legitimate because of the messages found between criminal parties using the potentially illegitimate app, more information is likely to break on the story.
Keep up-to-date with the latest tech industry insights, trends as well as information technologies, app development, and small
business content with the Proteams Blog