How Zimbabwe's Vice President may have been hacked

in cybersecurity3 months ago

image.png

With the news of Vice President Kembo Mohadi’s resignation due to the scandal he is embroiled in. We wondered how the leak(s) could have taken place or how they were orchestrated. Anyone who was plugged into the internet of late or on any social media was sure to come across the story. Some may even have had the fortitude to actually listen to the audio. The audio coming to light, however, raised the following questions among us and many in the Techzim community:

  1. How are conversations “hacked”?
  2. What is all the voice cloning stuff that was flitting about in some parts of the media?
  3. Is National Security something we should be concerned about after this whole debacle?
  4. Are conversations private anymore?

How conversations get “hacked” or more likely recorded

It’s easy to think of elaborate systems and a team of hackers behind the leak of the now-former Vice President Mohadi’s conversation. The reality may be a lot less Hollywood inspired than that.The simplest explanation is that anyone can do this by having a call on loudspeaker and then recording it on a second phone (using the voice recorder app that comes in most models). This kind of thing is the least resource-intensive. You don’t need to have any knowledge of how information systems work to be able to do this.
Another possible explanation is the litany of call recording software available on app stores. It’s a sad state of affairs but there are people out there who want, for one reason or another, to have a record of a private conversation.

What if it was a hack?

If we are to play devil’s advocate and say this was indeed a hack then this is less straightforward. For one thing, it depends if the call was over the network (GSM call) or if it was through a messaging app like WhatsApp.In a report by Wired from 2019, GSM calls are encrypted but not as robustly as calls on messaging services that offer end-to-end encryption. There are encryption keys that establish a secure connection between your device and the nearby cell tower every time you place a call. This system gives your device and the tower the keys to unlock the data that is about to be transmitted.There are however flaws in this system, especially with older installations and someone could potentially set up equipment to intercept the encrypted conversation. They then would have to decypher the keys to listen to the conversation. Frighteningly anyone with the wherewithal can crack the A5/1 GSM algorithm in about an hour. For the A5/3 algorithm, the report says that it is theoretically possible but it would take a very long time.As for end-to-end encrypted calls, it would take someone very skilled and with a lot of time to crack that. That’s not to say it isn’t out of the realm of possibility but the odds are long on that one.
Voice cloning
If you’ve been on the internet in the last couple of years, I am sure you may have come across “Deepfakes“. This is when someone takes an image of another person and overlays it on another subject in a video or a still (picture). The practice has been deemed illegal or unsavoury (and was banned on social media sites like Reddit and Facebook) the world over much like voice cloning.Voice cloning is where a computer-generated replica of your voice is created after only a few samples are gathered. Before artificial intelligence, this was a costly exercise to undertake. However, as the field has progressed it is has shown the power that machine learning has.When it was reported that the now-former Vice President said that he was a victim of voice cloning it raised many eyebrows. The chances that could have been the case were out of the realm of possibility at least in our opinion but who knows we could be wrong.

The issue of National Security

Hacks or breaches happening within government spheres are not an uncommon thing in Zimbabwe. If it is not Zoom calls running into the odd guy who thinks it’s funny to post porn on a Met Department meeting. Its the litany of government websites falling prey to hackers like what we saw in mid-2020.The case of the Vice President is of course separate from these issues but we think it should be taken as an example to ensure that security in the digital sphere is beefed up where the government is concerned.

Are conversations private anymore?

Well, that’s a tricky one because you in essence have to trust whomever you have on the line. If they are recording your call it is unlikely that you might know. If you are a paranoid cynic like me then it’s probably best to have conversation in public and away from devices.But that’s near impossible these days what with the pandemic and all. So I guess my parting words are “be on your best behaviour when you are on the phone“