WhatsApp encrypting iCloud backups of chat logs, but may be vulnerable
Facebook-owned WhatsApp quietly began encrypting iCloud backups of chat logs in late 2016, a report revealed this week — though that protection may now be compromised.
"When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted," a spokesperson confirmed to Forbes. In theory that should prevent hackers, police, or spy agencies from being able to read transcripts, even with a subpoena or security letter delivered to Apple.
The encryption was only noticed publicly, however, when a security firm, Oxygen Forensics, recently claimed it was able to crack the enhanced backups. The technique does require access to a SIM card with the same phone number WhatsApp uses to send verification codes, since this is the basis for the encryption key WhatsApp uses.
Like Apple's iMessage network, WhatsApp has become a frequent target of governments concerned that end-to-end encryption is interfering with investigations and allowing terrorists and others to operate outside of their reach. The service has come under particularly heavy fire in Brazil, where lower courts have repeatedly leveled sanctions only to have them overturned.
Some in the U.S. and U.K. governments have called for rules that would force companies like Apple and WhatsApp to be able to decrypt data on demand. That would, however, involve deliberately weakening the encryption used and/or creating a backdoor, which companies like Apple have argued would put customers at risk while simply directing malicious parties towards alternate secrecy methods.