According to latest research published by iOS expert Jonathan
Zdziarski, chat logs, data from WhatsApp remain on your phone notwithstanding
having deleted them.
Forensic traces of WhatsApp chats remain on the phone in spite of
a user having earlier archived or deleted them, Zdziarski found. Such supposedly
deleted messages could be retrieved by someone with physical access to the
device or by law enforcement issuing a warrant to Apple for iCloud backups. The
research shows that although the chat log or data is deleted from WhatsApp, it
is not actually overwritten in the SQLite library and consequently remains on
the phone storage.
Zdziaski wrote in a blog, “I installed the WhatsApp and started a
few different threads, I then archived some, cleared, some, and deleted
some threads. I made a second backup after running the ‘Clear All Chats’
function in WhatsApp. None of these deletion or archival options made
any difference in how deleted records were preserved. In all cases, the
deleted SQLite records remained intact in the database.”
According to Zdiarski, “it appears the only way to get rid of the
chat logs is by deleting the app entirely’’.
WhatsApp owned by parent company, Facebook, has been commended for
its security since the company finalized its rollout of end-to-end
encryption in April. WhatsApp uses the well-regarded Signal Protocol for
its encryption. But some onlookers were excited to see a dent in WhatsApp’s
armor — the CEO of Telegram, Pavel Durov, took advantage of the findings to
critique WhatsApp’s security.
“Even for 10% of something like this security experts would tear
Telegram apart with hundreds of NEVER USE IT tweets,” Durovtweeted. “Funny how
conveniently silent all these ‘experts’ are now, after spending hundreds of
hours bashing TG [Telegram] and promoting WA [WhatsApp].”
Nonetheless, WhatsApp undoubtedly isn’t the only messaging App
with this problem: Zdziarski noted that the issue exists with iMessage as well.
Other Apps like Signal and Wickr leave fewer forensic traces.
WhatsApp users don’t need to panic — the ways this forensic data
could be exported are relatively limited. To overcome this problem, Zdziarski
has some advice for WhatsApp users:
1.
Use iTunes to set a long,
complex backup password for your phone. Do NOT store this password in the
keychain, otherwise it could potentially be recovered using Mac forensics
tools. This will cause the phone to encrypt all desktop backups coming out of
it, even if it’s talking to a forensics tool.
NOTE: If passwords are compelled in your country, you may still be
forced to provide your backup password to law enforcement.
2.
Contemplate pair locking your
device using Configurator. I’ve written up a howto for this; it will
prevent anybody else who steals your passcode, or compels a fingerprint from
being able to pair or use forensics tools with your phone. This is irreversible
without restoring the phone, so you’ll need to be aware of the risks.
3.
Deactivate iCloud backups, as
these do not honor your backup password, and the clear text database can
be obtained, with a warrant, by law enforcement.
4.
Occasionally, delete WhatsApp
from your device and reinstall it to get rid of the database. This appears to
be the only way to flush out deleted records and start on a clean plate.
NOTE: This will not delete databases from existing iCloud backups from
the cloud.
The management of WhatsApp or Facebook its parent company did not
respond to a request for comment.
This article first appeared on Techchrunch
No comments:
Post a Comment