WhatsApp has bolstered the security of the iCloud backup feature in its messaging platform, in an attempt to protect archived chat logs from being accessed in a readable form (via TechCrunch).
WhatsApp has offered end-to-end encryption on its messaging service for some time, but that encryption did not previously extend to iCloud backups of messages. Given that Apple holds the encryption keys for iCloud, a subpoena of Apple or an unauthorized iCloud hack could potentially allow access to WhatsApp messages backed up there.
However, WhatsApp has moved to prevent that possibility by also pre-encrypting the backup files. "When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted," a WhatsApp spokesperson told Forbes, confirming the change.
WhatsApp quietly added the encryption to WhatsApp iCloud backups late last year, however the change only came to light last week when professional hackers claimed to be able to circumvent the security measure.
According to Russian-based Oxygen Forensics, third-party hacking tools are able to download the encrypted WhatsApp data backed up to iCloud and then generate an encryption key to decrypt the data using the associated SIM card. The tools could potentially be used by police with access to a phone where the WhatsApp account has been deactivated but the encrypted messages are still stored in iCloud. WhatsApp has yet to comment on the claims.
The encryption debate has been reignited in recent weeks on both sides of the Atlantic. FBI director James Comey revealed earlier this month that his agency had been unable to access the data on more than 3,000 mobile devices in the first half of the fiscal year, despite having legal authority to avail themselves of the contents.
A recent statement by U.S. senator Dianne Feinstein also appeared to confirm that the government had used $900,000 of public money to pay for the third-party tools to unlock the iPhone used by the San Bernardino terrorist. No information of relevance was found on the device, the FBI later revealed.
Meanwhile in the U.K., government home secretary Amber Rudd recently claimed that it is "completely unacceptable" that authorities cannot gain access to messages stored on mobile applications protected by end-to-end encryption, such as WhatsApp. Rudd said she would be discussing the situation with technology companies in the near future.
Since that time, a draft technical paper prepared by the U.K. government has been leaked that contains proposals related to the removal of encryption from private communications. The paper reveals that companies would be required to provide the raw data "in an intelligible form" without "electronic protection" within one working day. Discussions about the feasibility of the proposals are said to be ongoing.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
WhatsApp has offered end-to-end encryption on its messaging service for some time, but that encryption did not previously extend to iCloud backups of messages. Given that Apple holds the encryption keys for iCloud, a subpoena of Apple or an unauthorized iCloud hack could potentially allow access to WhatsApp messages backed up there.
However, WhatsApp has moved to prevent that possibility by also pre-encrypting the backup files. "When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted," a WhatsApp spokesperson told Forbes, confirming the change.
WhatsApp quietly added the encryption to WhatsApp iCloud backups late last year, however the change only came to light last week when professional hackers claimed to be able to circumvent the security measure.
According to Russian-based Oxygen Forensics, third-party hacking tools are able to download the encrypted WhatsApp data backed up to iCloud and then generate an encryption key to decrypt the data using the associated SIM card. The tools could potentially be used by police with access to a phone where the WhatsApp account has been deactivated but the encrypted messages are still stored in iCloud. WhatsApp has yet to comment on the claims.
The encryption debate has been reignited in recent weeks on both sides of the Atlantic. FBI director James Comey revealed earlier this month that his agency had been unable to access the data on more than 3,000 mobile devices in the first half of the fiscal year, despite having legal authority to avail themselves of the contents.
A recent statement by U.S. senator Dianne Feinstein also appeared to confirm that the government had used $900,000 of public money to pay for the third-party tools to unlock the iPhone used by the San Bernardino terrorist. No information of relevance was found on the device, the FBI later revealed.
Meanwhile in the U.K., government home secretary Amber Rudd recently claimed that it is "completely unacceptable" that authorities cannot gain access to messages stored on mobile applications protected by end-to-end encryption, such as WhatsApp. Rudd said she would be discussing the situation with technology companies in the near future.
Since that time, a draft technical paper prepared by the U.K. government has been leaked that contains proposals related to the removal of encryption from private communications. The paper reveals that companies would be required to provide the raw data "in an intelligible form" without "electronic protection" within one working day. Discussions about the feasibility of the proposals are said to be ongoing.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
14 comments
The United States Senate today voted almost unanimously to approve an anti-robocalling bill that would cut down on the number of illegal robocalls that people receive.
The TRACED Act (Telephone...
Some employees of Snap have access to internal tools that allow them to access Snapchat user data and have in the past abused those tools to spy on Snapchat users, reports Motherboard.
According...
The new high-end 8-core 15-inch MacBook Pro that was announced on Tuesday offers significant performance improvements over the previous high-end 6-core MacBook Pro from 2018, according to new...
Samsung is in talks with Apple about supplying OLED displays for a 16-inch MacBook Pro and future iPad Pro models, according to Korean site The Elec, which does not have a proven track record in...
Students pursuing higher education prefer to use Macs over PCs, according to new data shared today by Apple device management company Jamf.
71 percent of students surveyed said they would either...
A Chinese man on Wednesday pleaded guilty in Oregon to one count of trafficking in counterfeit goods, after he managed to trick Apple into replacing hundreds of fake iPhones with authentic handsets...
Apple has registered eleven unreleased iPhone models in the Eurasian Economic Commission database this week, including models A2111, A2160, A2161, A2215, A2216, A2217, A2218, A2219, A2220, A2221, and...
Apple this week began stocking a new 4K 23.7-inch LG UltraFine Display, which replaces the original 21.5-inch 4K LG UltraFine Display that was pulled from retail stores and the online Apple Store...
