WhatsApp may have this year followed iMessage’s lead in adopting end-to-end encryption for its messages, but a security researcher says that both still have a security flaw that can allow deleted messages to be recovered – either from the device, or remotely from iCloud backups.
Jonathan Zdziarski found the flaw in the current version of WhatsApp.
“The latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you ‘Clear All Chats.’ In fact, the only way to get rid of them appears to be to delete the app entirely.”
Zdziarski says that data was left behind no matter what deletion method was used: archiving, clearing or deleting threads – and he suggests that the same flaw is present in iMessages …
“Forensic trace is common among any application that uses SQLite, because SQLite by default does not vacuum databases on iOS (likely in an effort to prevent wear). When a record is deleted, it is simply added to a ‘free list’, but free records do not get overwritten until later on when the database needs the extra storage (usually after many more records are created) […] In other apps, I’ve often seen artifacts remain in the database for months […]
“Apple’s iMessage has this problem and it’s just as bad, if not worse. Your SMS.db is stored in an iCloud backup, but copies of it also exist on your iPad, your desktop, and anywhere else you receive iMessages. Deleted content also suffers the same fate.”
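The free-list behaviour described in the quote can be reproduced with any SQLite build. The following is an added example, not code from the article or from Zdziarski: the table name, marker text and function name are constructed for illustration. It compares a plain delete with SQLite's `PRAGMA secure_delete` and with `VACUUM`.

```python
import os
import sqlite3
import tempfile

MARKER = "constructed-secret-message"  # constructed sample text, not real data

def clear_all_chats(secure_delete: bool, vacuum: bool = False):
    """Fill a chat table, delete every row, then inspect the raw database file.

    Returns (free_pages, residue): pages left on the free list, and whether
    the deleted message text is still readable in the file's bytes.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.db")
        con = sqlite3.connect(path)
        # Pin both settings so the result does not depend on build defaults.
        con.execute("PRAGMA auto_vacuum = NONE")
        mode = "ON" if secure_delete else "OFF"
        con.execute("PRAGMA secure_delete = " + mode).fetchall()
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany("INSERT INTO messages (body) VALUES (?)",
                        [(f"{MARKER} #{i}",) for i in range(500)])
        con.commit()

        con.execute("DELETE FROM messages")  # the app-level "clear" action
        con.commit()
        if vacuum:
            con.execute("VACUUM")            # rebuilds the file without free pages
        free_pages = con.execute("PRAGMA freelist_count").fetchone()[0]
        live_rows = con.execute("SELECT COUNT(*) FROM messages").fetchone()[0]
        con.close()
        assert live_rows == 0                # SQL sees nothing in every case

        with open(path, "rb") as f:
            residue = MARKER.encode() in f.read()
    return free_pages, residue

if __name__ == "__main__":
    cases = [("plain delete", dict(secure_delete=False)),
             ("secure_delete=ON", dict(secure_delete=True)),
             ("delete + VACUUM", dict(secure_delete=False, vacuum=True))]
    for label, kwargs in cases:
        free_pages, residue = clear_all_chats(**kwargs)
        print(f"{label:18} free pages={free_pages:3}  text recoverable={residue}")
```

In all three cases a query returns zero rows; only the plain delete leaves the message text in the file, sitting in pages that are on the free list.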
The risks for the average user are very low. Retrieving the data would require either unlocked access to one of your devices, or access to your iCloud backup. In practice, unless you’re a suspect in a criminal case, when a court order can compel Apple to provide a copy of your iCloud backup to a law-enforcement agency, the only risk would be the same kind of phishing attack that led to the release of celebrity nudes.
iCloud backups are encrypted, but do not yet employ end-to-end encryption, so they can be decrypted by Apple. This is something the company has indicated that it plans to change.
Via TNW. Photo: scottschober.com.