Saturday, 30 July 2016

Beware! Research Proves Deleted WhatsApp Messages Aren’t Actually Deleted

 According to latest research published by iOS expert Jonathan Zdziarski, chat logs, data from WhatsApp remain on your phone notwithstanding having deleted them.

Forensic traces of WhatsApp chats remain on the phone in spite of a user having earlier archived or deleted them, Zdziarski found. Such supposedly deleted messages could be retrieved by someone with physical access to the device or by law enforcement issuing a warrant to Apple for iCloud backups. The research shows that although the chat log or data is deleted from WhatsApp, it is not actually overwritten in the SQLite library and consequently remains on the phone storage.

Zdziaski wrote in a blog, “I installed the WhatsApp and started a few different threads, I then archived some, cleared, some, and deleted some threads. I made a second backup after running the ‘Clear All Chats’ function in WhatsApp. None of these deletion or archival options made any difference in how deleted records were preserved. In all cases, the deleted SQLite records remained intact in the database.”

According to Zdiarski, “it appears the only way to get rid of the chat logs is by deleting the app entirely’’.

WhatsApp owned by parent company, Facebook, has been commended for its security since the company finalized its rollout of end-to-end encryption in April. WhatsApp uses the well-regarded Signal Protocol for its encryption. But some onlookers were excited to see a dent in WhatsApp’s armor — the CEO of Telegram, Pavel Durov, took advantage of the findings to critique WhatsApp’s security.

“Even for 10% of something like this security experts would tear Telegram apart with hundreds of NEVER USE IT tweets,” Durovtweeted. “Funny how conveniently silent all these ‘experts’ are now, after spending hundreds of hours bashing TG [Telegram] and promoting WA [WhatsApp].”

Nonetheless, WhatsApp undoubtedly isn’t the only messaging App with this problem: Zdziarski noted that the issue exists with iMessage as well. Other Apps like Signal and Wickr leave fewer forensic traces.

WhatsApp users don’t need to panic — the ways this forensic data could be exported are relatively limited. To overcome this problem, Zdziarski has some advice for WhatsApp users:

1.     Use iTunes to set a long, complex backup password for your phone. Do NOT store this password in the keychain, otherwise it could potentially be recovered using Mac forensics tools. This will cause the phone to encrypt all desktop backups coming out of it, even if it’s talking to a forensics tool.

NOTE: If passwords are compelled in your country, you may still be forced to provide your backup password to law enforcement.

2.     Contemplate pair locking your device using Configurator. I’ve written up a howto for this; it will prevent anybody else who steals your passcode, or compels a fingerprint from being able to pair or use forensics tools with your phone. This is irreversible without restoring the phone, so you’ll need to be aware of the risks.
3.     Deactivate iCloud backups, as these do not honor your backup password, and the clear text database can be obtained, with a warrant, by law enforcement.
4.     Occasionally, delete WhatsApp from your device and reinstall it to get rid of the database. This appears to be the only way to flush out deleted records and start on a clean plate.

NOTE: This will not delete databases from existing iCloud backups from the cloud.

The management of WhatsApp or Facebook its parent company did not respond to a request for comment.

 This article first appeared on Techchrunch