Author: Thomas Fox-Brewster / Source: Forbes
Why You Should Open A Roth IRA Today
In late 2016, WhatsApp decided to quietly improve the security of its iCloud backups, where messages and contacts are uploaded to Apple servers. Without any fanfare, it added a unique encryption key created by the WhatsApp app, rather than just relying on the iCloud Drive to protect customer data.
That meant that anyone who’d somehow acquired access to iCloud data would have an especially hard time getting at any of the WhatsApp data held within, whether they’re cops who’d seized a device or any hacker who’d managed to access another’s Apple account. On top of the end-to-end encryption rolled out across one billion WhatsApp users, it’s become significantly more difficult for anyone to intercept comms on the app.
Forbes only learned about the most recent improvement last week after a Russian supplier of mobile and cloud hacking tools, Oxygen Forensics, claimed to have added a feature that allowed the company to circumvent the added encryption. WhatsApp confirmed Friday it’d enhanced iCloud security sometime in late 2016, though didn’t offer any further detail. “When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted,” a spokesperson said.
Vladimir Katalov, CEO of rival forensics firm and another Russian business, Elcomsoft, explained to me how the update worked and what Oxygen was doing to circumvent the encryption. While Oxygen isn’t fibbing about its ability to retrieve WhatsApp messages from the iCloud, its tools will only work in a very specific scenario, he said.
To understand what barriers Oxygen’s Forensic Detective is up against, it’s necessary to first understand what WhatsApp actually did. As explained by Katalov, when the user opts to upload their WhatsApp data to the iCloud Drive, and they’ve entered a texted verification code sent by the Facebook-owned firm, a unique encryption key is generated. That key is then used to encrypt the data uploaded to the iCloud Drive.
Forensic tools can download that data but in order to decrypt it on any device other than the…
Click here to read more