Researcher finds fault in WhatsApp that keeps deleted chats and says that iMessage has the same problem

In these dark days when security, privacy, encryption and invasion are such recurring words in our digital daily life, any slight flaw in the applications we use the most is, quite justifiably, cause for concern. So it is worth paying attention to the study by Jonathan Zdziarski, a researcher focused on iOS.

The specialist published a post reporting his tests with WhatsApp running on iOS and his finding that, even after being deleted by the user, the app's conversations can still be recovered through its daily backup. Analyzing disk images of these backups, made by the most recent version of the application, he found that the data that should have been deleted is still in the file, marked as “deleted” but still there.

The flaw is attributable, according to Zdziarski, to the SQLite library used to build the application: as in most of the file systems we know, data deleted in it is not actually erased, just marked as such and left as free space to be overwritten when new data is generated. The problem is that, in the case of an instant messaging application, this data that should have disappeared from the map can take weeks or months to be overwritten and effectively deleted; that is, a forensic analysis tool could recover deleted conversations for a good amount of time. It would be enough to have access to the device or to the iCloud account where the backup is saved, since this file is sent to Apple's servers without encryption.
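The SQLite behaviour described above can be reproduced in a few lines. This is an added example, not code from Zdziarski's post or from WhatsApp: it deletes one row and then searches the raw database file for its bytes, comparing an ordinary delete with SQLite's `secure_delete` pragma and with `VACUUM`. The file name, table layout and message text are constructed for the illustration.

```python
import os
import sqlite3
import tempfile

MARKER = b"constructed-secret-message-7f3a"  # constructed sample text


def residue_after_delete(secure_delete: bool, vacuum: bool = False) -> bool:
    """Return True if the deleted message's bytes are still in the database file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")  # hypothetical file name
        conn = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        # Set explicitly: some SQLite builds ship with secure_delete ON by default.
        conn.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        conn.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [("hello",), (MARKER.decode(),), ("see you later",)],
        )
        conn.execute("DELETE FROM messages WHERE body = ?", (MARKER.decode(),))
        # What the application sees: the message is gone.
        assert conn.execute("SELECT count(*) FROM messages").fetchone()[0] == 2
        if vacuum:
            conn.execute("VACUUM")  # rebuilds the file from live rows only
        conn.close()
        # What a forensic tool sees: the raw bytes of the file.
        with open(path, "rb") as fh:
            return MARKER in fh.read()


if __name__ == "__main__":
    print("plain DELETE leaves residue:    ", residue_after_delete(False))
    print("secure_delete=ON leaves residue:", residue_after_delete(True))
    print("DELETE + VACUUM leaves residue: ", residue_after_delete(False, vacuum=True))
```

With `secure_delete` off, the freed cell stays in the page until SQLite reuses the space, which is why a copy of the file taken in the meantime still contains the text.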

These flaws, the researcher points out, are not restricted to WhatsApp. As iMessage is built on the same library, the loophole would be the same in Apple's messenger, or even worse, as he says, since instead of the conversations being saved locally on just one device besides the backup (as with Facebook's messenger), they would be spread across a series of the user's devices (Mac, iPhone, iPad).

Zdziarski then lists some ways to get around the flaw, even if only in part: using a strong password to access WhatsApp's local backup (and not leaving it in iCloud Keychain), disabling the ability to send the backup to iCloud (since, unlike the local alternative, a non-encrypted backup in the cloud could be accessed with a court order, for example) and, more drastically, deleting and re-downloading the WhatsApp application from time to time (in this way, the backup and conversations are effectively deleted).

The specialist's aim in announcing the discovery is not to throw anyone into a panic, because even if someone's backup is recovered, extracting their conversations is not a simple task; but it shows that, in the digital world, hardly anything really disappears.

In times when the Brazilian courts block the messenger every other day over failing to retrieve pieces of information, this is a good maxim for us to always remember.

(via The Verge)