
WhatsApp and iMessage have a security flaw that hackers can use

Both WhatsApp and iMessage have a security flaw that can allow eavesdropping on your message records. A researcher recently discovered the flaw in WhatsApp and said the same flaw can allow recovery of deleted messages in iMessage. According to Jonathan Zdziarski, someone can recover deleted messages from the device or iCloud backup records.

WhatsApp is a cross-platform third-party chatting app. The app offers incredible features such as video calls, instant messages, media sharing and groups. The latest version of the app allows you to attach documents. Though not so popular in the West, WhatsApp has quite a following in Asia and Africa.

Now, according to Zdziarski, the latest version of WhatsApp leaves what he termed a “forensic trace” of all deleted and archived chats. He added that the trace remains even after you “Clear All Chats”. The researcher stated that the only way to make sure no one recovers the chat records from the forensic trace is to delete the entire app. Also, the people you chatted with have to remove their apps too.

Zdziarski went on to state that the same flaw exists in iMessage. He explained that a forensic trace is present in applications that use SQLite. By default, SQLite on iOS does not vacuum databases, in order to prevent wear. Therefore, deleting the chats does not erase them; it adds them to what he called a “free list”. The records in the “free list” will only disappear when there is a need to create space for more records. If you do not chat a lot, the records will remain on the “free list” for a very long time.
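The free-list behaviour described above can be reproduced with any SQLite database. The sketch below is an added example, not code from the article or from Zdziarski's research; it shows deleted rows surviving in the database file until the pages are overwritten or the database is vacuumed. The table layout, file name and marker text are constructed, and `secure_delete` is a standard SQLite pragma that the article does not mention.

```python
import os
import sqlite3
import tempfile

MARKER = b"constructed-secret-message"  # constructed sample text, not real chat data


def residue_after_delete(secure_delete=False, vacuum=False):
    """Insert chats, delete them all, and inspect the raw database file.

    Returns (freelist_pages, marker_still_in_file).
    """
    path = os.path.join(tempfile.mkdtemp(), "chat.db")  # hypothetical file name
    con = sqlite3.connect(path, isolation_level=None)  # autocommit mode
    # Set both pragmas explicitly so the result does not depend on how
    # this particular SQLite library was compiled.
    con.execute("PRAGMA auto_vacuum = NONE")
    mode = "ON" if secure_delete else "OFF"
    con.execute(f"PRAGMA secure_delete = {mode}").fetchall()
    # Hypothetical schema; not the real WhatsApp or iMessage layout.
    con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    con.execute("BEGIN")
    con.executemany(
        "INSERT INTO messages (body) VALUES (?)",
        [(f"{MARKER.decode()} #{i}",) for i in range(500)],
    )
    con.execute("COMMIT")
    con.execute("DELETE FROM messages")  # the application-level "delete"
    if vacuum:
        con.execute("VACUUM")  # rebuilds the file without free pages
    freelist = con.execute("PRAGMA freelist_count").fetchone()[0]
    con.close()
    with open(path, "rb") as fh:  # look at the bytes on disk, as a forensic tool would
        raw = fh.read()
    return freelist, MARKER in raw


if __name__ == "__main__":
    print("default delete:", residue_after_delete())
    print("secure_delete :", residue_after_delete(secure_delete=True))
    print("after VACUUM  :", residue_after_delete(vacuum=True))
```

The check covers only the main database file; backups or other copies made before the deletion are outside its scope.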

Apple’s iMessage has the same problem. In Apple’s case, the problem is worse. iMessage automatically sends data to iCloud backup. Copies of your conversations are available on all your Apple devices. Deleted content leaves a forensic trace as in the case of WhatsApp.

iMessage and WhatsApp both have end-to-end encryption. iCloud backups are encrypted but not end-to-end. Therefore, Apple can decrypt data stored in iCloud. Apple hopes to change the encryption of iCloud soon.

Fortunately, if you are an average user of these two apps, you are in the low-risk zone for a data breach. For anyone to retrieve the chat records, they need access to your devices or access to iCloud. Apple can only provide the iCloud backup data when compelled by a court order. The risk an ordinary user faces is a phishing attack, similar to the one that led to the release of celebrities’ compromising photos in 2014.