bellingcat - How Russia Works on Intercepting Messaging Apps - bellingcat

believe that mitigation is a good first step, but insufficient, especially for people in troubled countries. An attacker might also suspect a user to have enabled 2-step authentication and therefore target some of his contacts to access the chat logs.

Such an attack is significantly mitigated, and deterred, by the adoption of end-to-end encryption. The detection of new devices can be cryptographically enforced and previous message history not accessible to an attacker capable of intercepting an SMS. I think the lesson from this might be something like: Always use end-to-end encryption. As the underlying authentication layer can be spoofed, verify fingerprints for important communications.