- what’s new
- Health & Fitness
- gift ideas
- Buying Guide
- Quick Reads
WhatsApp had very quietly added encryption to its Apple iCloud backups in late 2016 after a company called Oxygen Forensics proved that they could circumvent the security measure with specific tools and circumstances.
The report comes via Forbes, who received a confirmation from WhatsApp that the iCloud backups are indeed being encrypted. “When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted.”
The workaround the security measure wasn’t simply a matter of hacking into a server, however. Oxygen Forensics shared with Forbes exactly how the hack would work, which not only require special forensic tools but also the SIM card of the Whatsapp user.
First, forensic tools are apparently used to download the encrypted WhatsApp data from the iCloud servers. Then, using the associated SIM card with the same mobile number that WhatsApp uses to send a verification code to generate the encryption for the iCloud backup, Oxygen Forensic says that it can generate the encryption key for the data by passing the verification process again.
While most users will be immune to this potentially devastating hack, since it requires elaborate tools and of course, the SIM card, the police could easy acquire and breach into the security of a WhatsApp user, which may or may not be illegal based on the laws of the country they reside in. For example, the FBI was involved with a tussle with Apple last year when it took the iPhone maker to court after it resisted to help gain access to a locked iPhone belonging to a criminal. The FBI later had to pay a third party company to gain access to the device.
It wasn't long ago when WhatsApp patched a malicious file sharing vulnerability, which allowed hackers to get access to the user's WhatsApp data when a particular image file is opened.