{"id":989,"date":"2016-08-01T03:17:15","date_gmt":"2016-08-01T03:17:15","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=989"},"modified":"2024-12-23T07:45:33","modified_gmt":"2024-12-23T07:45:33","slug":"hacker-finds-breach-in-whatsapps-encryption-system","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/hacker-finds-breach-in-whatsapps-encryption-system-989\/","title":{"rendered":"Hacker finds breach in WhatsApp\u2019s encryption system"},"content":{"rendered":"<p>A security expert has found a breach in <strong>WhatsApp<\/strong>\u2019s supposed \u2018end-to-end\u2019 <strong>encryption system<\/strong>. Earlier in 2016, the Facebook-owned company proudly announced that messages would feature end-to-end encryption, thus assuring users that their private conversations would remain untouched.<\/p>\n<p>Jonathan Zdziarski, a digital forensic specialist and digital security expert, published an article on Thursday with bold declarations. He stated that WhatsApp does not really delete users\u2019 messages. Zdziarski started several conversations on his WhatsApp account, using an iPhone. After a bit of chit-chat, he deleted, cleared and archived some of the conversations. 
Finally, he clicked the \u201cClear All Chats\u201d feature.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-991 size-full\" src=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/08\/Whatsapp1.jpg\" alt=\"Hacker finds breach in WhatsApp\u2019s encryption system\" width=\"550\" height=\"489\" srcset=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/08\/Whatsapp1.jpg 550w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/08\/Whatsapp1-300x267.jpg 300w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/08\/Whatsapp1-1x1.jpg 1w\" sizes=\"auto, (max-width: 550px) 100vw, 550px\" \/><\/p>\n<p>The \u201cdeleted records\u201d were not actually deleted since the messages still appeared in SQLite, a relational database management system. According to Zdziarski, the chat database gets copied every time an iPhone user does a backup, saving it in a desktop backup and iCloud (Zdziarski states that this is \u201cirrelevant to whether or not you use WhatsApp\u2019s built-in iCloud sync\u201d).<\/p>\n<h3>What are the risks?<\/h3>\n<p>Zdziarski stated that the \u201cleftover\u201d evidence in SQLite poses some risks. For example, if somebody has physical access to a smartphone, he or she could hack it and create a backup of that information. In the same way, if a hacker has physical access to a computer, he or she could enter an \u201cunencrypted backup\u201d and access messages.<\/p>\n<p>Law enforcement could obtain clear records of conversations by giving Apple a court order. Zdziarski has been very clear in stating that he doesn\u2019t believe WhatsApp is keeping information on purpose. 
He even offers some advice in the article about how the company could make the service better and safer.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-992 size-full\" src=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/08\/Whatsapp-hack.jpg\" alt=\"Hacker finds breach in WhatsApp\u2019s encryption system\" width=\"550\" height=\"489\" srcset=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/08\/Whatsapp-hack.jpg 550w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/08\/Whatsapp-hack-300x267.jpg 300w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2016\/08\/Whatsapp-hack-1x1.jpg 1w\" sizes=\"auto, (max-width: 550px) 100vw, 550px\" \/><\/p>\n<h3>Alternatives<\/h3>\n<p>For Zdziarski, the only way to truly delete WhatsApp messages is to remove the app entirely. However, he offered some tips to \u201cminimize\u201d risks. For example, using iTunes to set a very complex backup password could help. Using Configurator to lock the smartphone is also a good idea since it makes it harder for someone else to steal the phone\u2019s passwords.<\/p>\n<p>Finally, users would have to disable iCloud backup. If the user still feels uneasy, there are a few safer alternatives. Telegram, an app available for Android and iOS, promises to have end-to-end encryption. The app is very popular among NGOs because it even has a \u201cself-destruct\u201d mode for messages.<\/p>\n<p>Telegram\u2019s founder, Pavel Durov, founded the social networking site VK. He had an argument with Russian authorities and left his country in a self-imposed exile. VK is now owned by Mail.Ru Group, which has a monopoly on the social networking market in Russia and is a Putin ally.<\/p>\n<p>After this, he decided to create the instant messaging service with the aim of giving Russians a secure messaging app that would be unbreakable by Russian intelligence services. 
The BlackBerry Messenger service is also secure since the PIN-to-PIN service uses \u201cTriple Data Encryption Standard\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security expert has found a breach in WhatsApp\u2019s supposed \u2018end-to-end\u2019 encryption system. Earlier in 2016, the Facebook-owned company proudly announced that messages would feature end-to-end encryption, thus assuring users that their private conversations would remain untouched. Jonathan Zdziarski, a digital forensic specialist and digital security expert, published an article on Thursday with &hellip; <a href=\"https:\/\/www.dogoodsoft.com\/blog\/hacker-finds-breach-in-whatsapps-encryption-system-989\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Hacker finds breach in WhatsApp\u2019s encryption system<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[373,372,226],"class_list":["post-989","post","type-post","status-publish","format-standard","hentry","category-news","tag-encryption-system","tag-hacker","tag-whatsapp"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/989","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=989"}],"version-history":[{"count":2,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/989\/revisions"}],"predecessor-version":[{"id":994,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/989\/revisions\/994"}],"wp:attachment"
:[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=989"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=989"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=989"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}