Facebook Inc (NASDAQ:FB) has been taking pride in the end-to-end encryption of its WhatsApp messenger service, but a hacker has found a vulnerability that diminishes that pride.
Jonathan Zdziarski, a digital security expert and digital forensic specialist, recently published an article boldly claiming that the messaging service does not actually delete users' messages. Earlier this year, Facebook reported that WhatsApp would feature end-to-end encryption, meaning users could enjoy conversations without worrying about their messages being intercepted. As part of his experiment, Zdziarski initiated some conversations and then deleted them. He even cleared all chats, only to discover that the deleted chats could still be accessed in SQLite, a relational database management system.
The researcher revealed that a database of the chats is copied every time the user backs up conversations. The chats are saved in iCloud and in a desktop backup. These copies can be considered evidence, and there are various risks attached to them. One of the risks is that a hacker with access to the backup can access the messages. Apple might also be obliged to give conversation records to the authorities through a court order. Zdziarski, however, does not believe that WhatsApp is purposely holding the information. He also made it clear that WhatsApp developers did not intentionally leave the clear data feature unfinished.
Zdziarski also provided some advice to Facebook on how to eliminate such loopholes and improve the service. The developers have not released any comments about the matter. However, it is an opportunity for them to seal the vulnerability in future versions of the app. The researcher also pointed out that software firms should be vigilant about forensic traces in their code. He also urged them to develop protocols that shield users who may be living in regions where there is no free speech.
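The gap between "deleted in the app" and "gone from the file" can be checked directly. The following is an added example, not code from Zdziarski's article or from WhatsApp: using a constructed `messages` table (a hypothetical schema), it shows that SQLite with `secure_delete` off leaves a deleted row's bytes in the database file, while turning the pragma on overwrites them.

```python
import os
import sqlite3
import tempfile

# Constructed sample message; table and column names are hypothetical.
MARKER = "CONSTRUCTED-SAMPLE meet at the usual place at nine"


def check_deletion(secure_delete: bool):
    """Delete a row, then return (rows still visible via SQL, text found in raw file)."""
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        con = sqlite3.connect(path, isolation_level=None)  # autocommit
        # Set explicitly: some SQLite builds enable secure_delete by default.
        mode = "ON" if secure_delete else "OFF"
        con.execute(f"PRAGMA secure_delete = {mode}")
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [("hello",), (MARKER,), ("see you later",)],
        )
        con.execute("DELETE FROM messages WHERE body = ?", (MARKER,))
        # What the application sees after the delete.
        visible = con.execute(
            "SELECT COUNT(*) FROM messages WHERE body = ?", (MARKER,)
        ).fetchone()[0]
        con.close()
        # What a forensic read of the file (or of a backup copy) sees.
        with open(path, "rb") as fh:
            found = MARKER.encode() in fh.read()
        return visible, found
    finally:
        os.remove(path)


if __name__ == "__main__":
    for setting in (False, True):
        visible, found = check_deletion(setting)
        print(f"secure_delete={setting}: rows visible={visible}, "
              f"text still in file={found}")
```

Rows deleted before the pragma was enabled stay in the file's free space until that space is reused or the database is rebuilt with `VACUUM`.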
For now, users who are wary of the backup vulnerability on iOS can turn off the iCloud backup. Alternatively, they can delete the WhatsApp messenger app completely to lower the risks.