14 DAY TRIAL // While some law enforcement agencies would like nothing more than for encryption to vanish from the world, especially for messaging apps, WhatsApp has silently added another layer of security to its systems.
More specifically, WhatsApp has added encryption for messages backed up on iCloud. This should greatly increase security of its users against hackers and, why not, government spies.
End-to-end encryption was introduced by WhatsApp last year, preventing intercepted messages from being read, therefore rendering them useless. Until recently, however, chats that were backed up by iPhone users to the iCloud were in readable form, the Telegraph reports.
It's true that iCloud accounts are already encrypted, but someone with Apple's decryption key would be able to access the entire communication history of any user. So could hackers of any kind.
"When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted," WhatsApp said on the matter.
This is a great layer of security that is now being offered to iPhone users. It is unclear at this point whether or not WhatsApp has done the same for Android users, but it would make sense for this to happen since there are way more Android users than iOS.
Some think they can crack it
Although this is a great feature to have, Forbes reports that FBI contractors think they can already crack it.
Russian supplier of mobile and cloud hacking tools Oxygen Forensics claimed to have added a feature that allows them to circumvent this newly added encryption.
Vladimir Katalov, CEO of rival firm Elcomsoft, discussed the matter with the publication and explained that the tool Oxygen Forensics introduced only works in certain circumstances.
When someone wants to upload their WhatsApp data to the iCloud, they need to enter a verification code that's texted to them. Then, a unique encryption key is generated, which is then used to encrypt the data uploaded to the iCloud.
In order for Oxygen Forensic's tool to work, they need to download the data and decrypt it, for which they need the key. This key can only be obtained by having a SIM-card with the same number as the user so they can receive the verification code. Basically, at the end of it all, they need the Apple ID, password and the SIM card or phone. While it's true there's a way to crack open WhatsApp's new protections, it's a rather complicated method.