WhatsApp Quietly Extends Encryption to iCloud Backups of Chat Logs

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, May 9, 2017.

  1. MacRumors macrumors bot


    Apr 12, 2001

    WhatsApp has bolstered the security of the iCloud backup feature in its messaging platform, in an attempt to protect archived chat logs from being accessed in a readable form (via TechCrunch).

    WhatsApp has offered end-to-end encryption on its messaging service for some time, but that encryption did not previously extend to iCloud backups of messages. Given that Apple holds the encryption keys for iCloud, a subpoena of Apple or an unauthorized iCloud hack could potentially allow access to WhatsApp messages backed up there.


    However, WhatsApp has moved to prevent that possibility by also pre-encrypting the backup files. "When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted," a WhatsApp spokesperson told Forbes, confirming the change.

    WhatsApp quietly added the encryption to WhatsApp iCloud backups late last year; however, the change only came to light last week when professional hackers claimed to be able to circumvent the security measure.

    According to Russian-based Oxygen Forensics, third-party hacking tools are able to download the encrypted WhatsApp data backed up to iCloud and then generate an encryption key to decrypt the data using the associated SIM card. The tools could potentially be used by police with access to a phone where the WhatsApp account has been deactivated but the encrypted messages are still stored in iCloud. WhatsApp has yet to comment on the claims.

    The encryption debate has been reignited in recent weeks on both sides of the Atlantic. FBI director James Comey revealed earlier this month that his agency had been unable to access the data on more than 3,000 mobile devices in the first half of the fiscal year, despite having legal authority to avail themselves of the contents.

    A recent statement by U.S. senator Dianne Feinstein also appeared to confirm that the government had used $900,000 of public money to pay for the third-party tools to unlock the iPhone used by the San Bernardino terrorist. No information of relevance was found on the device, the FBI later revealed.

    Meanwhile in the U.K., government home secretary Amber Rudd recently claimed that it is "completely unacceptable" that authorities cannot gain access to messages stored on mobile applications protected by end-to-end encryption, such as WhatsApp. Rudd said she would be discussing the situation with technology companies in the near future.

    Since that time, a draft technical paper prepared by the U.K. government has been leaked that contains proposals related to the removal of encryption from private communications. The paper reveals that companies would be required to provide the raw data "in an intelligible form" without "electronic protection" within one working day. Discussions about the feasibility of the proposals are said to be ongoing.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

  2. kyleh22 macrumors 6502


    Apr 26, 2012
    Baltimore, MD
    This is awesome. I love me some encryption :)
  3. Gutwrench Contributor


    Jan 2, 2011
    1. Good for privacy
    2. I use WhatsApp sparingly
    3. I don't back up conversations, no need
  4. Keane16 macrumors 6502a


    Dec 8, 2007
    As a Brit, I was so annoyed with this tech paper. Some politicians just don't get it.
    --- Post Merged, May 9, 2017 ---
    I had a close friend pass away recently. Never had I been so glad that I keep all my messages and back them up (iMessage, WhatsApp, Telegram etc.).
  5. miknos Suspended


    Mar 14, 2008
    80% of WhatsApp users use the backup feature. So in essence "only" Apple, Google, governments with subpoenas and hackers can get access since that encryption is not that strong.

    Use Signal instead. WhatsApp is a false sense of privacy.
  6. thisisnotmyname macrumors 68000


    Oct 22, 2014
    known but velocity indeterminate
    I'd like the option from Apple to encrypt iCloud backups with my own key. I'm ok with the fact that if I lose my key my backup will be lost forever. Until then I'll continue using only local encrypted backups.

    edit: I have my issues with Comey but I at least appreciate his pragmatic approach that if lawmakers won't force access to encrypted devices we'll just need to change expectations about evidence gathering but law enforcement will go on. I realize he has undertones of FUD to that statement but at least he's being honest that it's not the end of law enforcement, there will just be some information inaccessible to them.
  7. Abazigal macrumors G4


    Jul 18, 2011
    Nice. Can I also have a native Apple Watch app for WhatsApp?
  8. Sasparilla macrumors 65816

    Jul 6, 2012
    Nice, although I think your active contact information (who you talked to with the application and when) is still open and available upon request. Facebook owns them I think.
  9. Gutwrench Contributor


    Jan 2, 2011
    I'm so sorry. Yes I'll rethink my comment. Thank you.
  10. JosephAW macrumors 68020


    May 14, 2012
    My friend's problem with WhatsApp is that he has a tremor and can't type so he used the record audio button, except the button is so small that he keeps sliding off his finger and has to press it again to continue recording.
    I talked to WhatsApp support but they didn't see a need to increase the button size or fix the problem.
    We were using HeyTell and they have a huge button but their service is limited to so many recordings per person.
  11. b0nd18t macrumors 6502


    Apr 9, 2012
    So the only reason we know it exists, is because it's already hacked/broken? o_O
  12. sudo1996 Suspended


    Aug 21, 2015
    Berkeley, CA, USA
    Signal is also a false sense of privacy. How do you know you're getting the right public keys?
  13. miknos Suspended


    Mar 14, 2008
    It's open source.

    You can check them: click a contact, click on its name, verify safety numbers.
  14. sudo1996 Suspended


    Aug 21, 2015
    Berkeley, CA, USA
    OK, as long as you do that for all your contacts. Otherwise, it's worthless. And I know people out there are just using these things and pretending like public keys are magically known.
