Douglas Stebila

A real-world law-enforcement hack: the case of Encrochat

Abstract

In 2020, a coordinated law-enforcement effort infiltrated Encrochat, an end-to-end encrypted service provider, exfiltrating historical and real-time data and metadata over months. Encrochat was used extensively by organised crime, and the data from the operation was used as supporting evidence in over 6,000 arrests and related prosecutions across Europe. Encrochat's architecture was vertically integrated, with the company acting as both a device vendor and service provider; Encrochat sold modified Android smartphones with its own PKI and custom applications, including encrypted messaging based on the Signal protocol. In this work, we give the most detailed public account to date of Encrochat's infrastructure and how it was compromised.

Keywords: encrypted messaging, Encrochat, Signal protocol

Reference

Martin R. Albrecht, Sunoo Park, Michael A. Specter, Douglas Stebila. A real-world law-enforcement hack: the case of Encrochat. In Advances in Cryptology -- Proc. CRYPTO 2026, LNCS. Springer, August 2026.

Download

Presentations

• 2024-10-08: Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) 62nd General Meeting, Toronto. (PDF slides)
• 2024-08-18: Workshop on Attacks in Cryptography 7 (WAC7). (PDF slides)

BibTeX

@inproceedings{C:APSS26,
 	Author = {Martin R. Albrecht and Sunoo Park and Michael A. Specter and Douglas Stebila},
 	Booktitle = {Advances in Cryptology -- Proc. {CRYPTO} 2026},
 	Month = aug,
 	Note = {\url{https://eprint.iacr.org/2026/1319}},
 	Publisher = {Springer},
 	Series = {LNCS},
 	Title = {A Real-World Law-Enforcement Hack: The Case of {Encrochat}},
 	Year = {2026}
 }

Funding

• Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2022-03187