Wednesday, May 10, 2017

WhatsApp Extends Encryption to iCloud Backups

Tim Hardwick:

WhatsApp has offered end-to-end encryption on its messaging service for some time, but that encryption did not previously extend to iCloud backups of messages. Given that Apple holds the encryption keys for iCloud, a subpoena of Apple or an unauthorized iCloud hack could potentially allow access to WhatsApp messages backed up there.

However, WhatsApp has moved to prevent that possibility by also pre-encrypting the backup files.

[…]

According to Russian-based Oxygen Forensics, third-party hacking tools are able to download the encrypted WhatsApp data backed up to iCloud and then generate an encryption key to decrypt the data using the associated SIM card. The tools could potentially be used by police with access to a phone where the WhatsApp account has been deactivated but the encrypted messages are still stored in iCloud.

This is more protection than iMessage offers for iCloud backups, but it seems like both could benefit from allowing the user to specify a backup password, as is possible for local backups via iTunes.

Comments RSS · Twitter

Leave a Comment