In its relatively short life, the popular messaging service WhatsApp has not just become a widespread communication tool but also emerged as a bastion of cybersecurity good practice. Now, that reputation has been bolstered further still, through the encryption of backups stored in Apple’s iCloud.
By making message backups more difficult for hackers and spies to access, WhatsApp has reaffirmed its commitment to cyber security and shown others all across the globe just how it’s done.
Though iCloud accounts are already encrypted, they can still be accessed by anyone with Apple’s key. This means that, in theory, Apple could hand over message information to law enforcement agencies if requested to do so. However, WhatsApp has proceeded to encrypt the messages contained therein with an encryption key of its own, meaning law enforcers wouldn’t simply need to acquire the Apple key but the WhatsApp one as well.
Though not confirmed by WhatsApp, it appears that anyone trying to break the code would not only need the mobile device’s SIM card but also the iCloud password. However, some analysts have said that WhatsApp itself can access the messages, meaning it doesn’t need quite so much user intervention. Until WhatsApp explains its working (or opens the technology up so it can be rigorously tested and then tweaked), white hat hackers are left to try and force their way into finding a solution.
The messaging company also remains tight lipped (for now) on the extent of this development. Whilst the encryption currently covers iPhone users, it’s not yet known for definite whether a similar update has been rolled out for Android devices too.
Arguably most interesting about this development is that it’s thought to date back to 2016, meaning WhatsApp rolled it out without fanfare. The reason it has come to light now is that cyber security firm Oxygen Forensics believes it may have found a way to circumvent the encryption. However, it’s not a total hack of the system, as messages accessed using Oxygen’s method can only be retrieved in very specific circumstances.
It seems WhatsApp may have lost the encryption battle, but it’s still winning the war.