Skip to main content

Security researcher finds message storage flaw in WhatsApp, says same vulnerability present in iMessages

WhatsApp may have this year followed iMessage’s lead in adopting end-to-end encryption for its messages, but a security researcher says that both still have a security flaw that can allow deleted messages to be recovered – either from the device, or remotely from iCloud backups.

Jonathan Zdziarski found the flaw in the current version of WhatsApp.

The latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you ‘Clear All Chats.’ In fact, the only way to get rid of them appears to be to delete the app entirely.

Zdziarski says that data was left behind no matter what deletion method was used: archiving, clearing or deleting threads – and he suggests that the same flaw is present in iMessages …

Forensic trace is common among any application that uses SQLite, because SQLite by default does not vacuum databases on iOS (likely in an effort to prevent wear). When a record is deleted, it is simply added to a “free list”, but free records do not get overwritten until later on when the database needs the extra storage (usually after many more records are created) […] In other apps, I’ve often seen artifacts remain in the database for months […]

Apple’s iMessage has this problem and it’s just as bad, if not worse. Your SMS.db is stored in an iCloud backup, but copies of it also exist on your iPad, your desktop, and anywhere else you receive iMessages. Deleted content also suffers the same fate.

The risks for the average user are very low. Retrieving the data would require either unlocked access to one of your devices, or access to your iCloud backup. In practice, unless you’re a suspect in a criminal case, when a court order can compel Apple to provide a copy of your iCloud backup to a law-enforcement agency, the only risk would be the same kind of phishing attack that led to the release of celebrity nudes.

iCloud backups are encrypted, but do not yet employ end-to-end encryption – so can be decrypted by Apple. This is something the company has indicated that it plans to change.

Via TNW. Photo: scottschober.com.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications