“Sorry, folks, but while experts say that encryption works on WhatsApp, it seems that the latest version of the app leaves a forensic trail of all your chats, even after that you have deleted, cleaned or archived … even if you give ‘delete all chats’. in fact, the only way to get rid of them seems to be clear the app completely ” .
with this verdict, the expert in digital security iOS, Jonathan Zdziarski, he unleashed a minitormenta around one of the services of world’s most popular messaging, with over 1,000 million monthly active users.
“for 10% of that security experts would destroy a Telegram with thousands of tweets saying DO NOT USE NEVER” wrote executive director of the rival application Telegram, Pavel Durov.
preserving privacy is one of the key aspects for messaging services. Until recently, WhatsApp was considered one of the least safe.
But in April, the popular app introduced a change, a few weeks after the FBI asked Apple access to data on the iPhone in a criminal case.
“we are proud to announce that we have completed a technological development that makes WhatsApp to become a leader in protecting your private communication: the end-to-end encryption. “, he said the company in a blog post then
for 10% of that security experts would destroy a Telegram with thousands of tweets saying NEVER DO NOT USE”
Pavel Durov, Telegram
“Ni WhatsApp or third can read or listen to messages and calls,” noted the message that began then receive the application users.
following the Zdziarski research, have not lacked who has branded encryption WhatsApp of “myth” or even “lie” .
So far the company has not responded to the claims of Zdziarski .
So, how far is really an affirmation or the other?
remain in the device
according to Zdziarski, WhatsApp does erase the messages, ie, “ not seem to be trying to preserve data intentionally “.
But according to research conducted on mobile iPhone Her specialites-” the record itself is not purged or deleted from the database , leaving a forensic device that can be recovered and reconstructed to its original form “.
in practice, what this means is that traces of the message left on the phone. “The ephemeral communication is not ephemeral in the record,” says the expert.
Consequently, “the authorities can potentially issue an order demanding that Apple get your chat logs, which may include deleted messages” but backed up in the cloud. Or even rebuild from information found on the device.
the problem is not exclusive to WhatsApp .
“In theory, full encryption, either on messaging applications or other communication is completely secure and able to protect the security of who is using it, “explains the BBC Lee Munson, security researcher Comparitech.com site.
“in practice, however, the problem is that full encryption is only one phrase to describe complex very difficult mathematical operations to break (…). But the possibility of achieving increases with time. “
are the messages residing on your phone or computer that pose the greatest risk , explains Richard Cassidy, evangelist cybersecurity firm Alert Logic .
“Without going into the question of people who come to your phone or computer by perverse techniques, if you delete conversations remain traces that can be recovered with the right search tools,” he says.
there is no bulletproof encryption, only ‘strongest encryption’ “
Stephen Gates, cybersecurity expert
according to the specialist, the encryption will make the task more difficult, but not impossible. And unfortunately, solutions to the phone are comparatively less effective than for computers.
What to do?
No solution seems to be perfect .
in principle, the solution WhatsApp security “ is good enough for the typical consumer ” says Munsö.
“. Whoever feels concerned must ensure that their equipment is safe enough that means strong passwords and avoid authentication systems based on biometrics”
The specific recommendations Zdziarski include:
- Use iTunes to set a password backup larg a and complej a .
- Disable backups in the cloud .
- From time to time deletes the application (WhatsApp) of your phone and reinstall it , to clean up the database. “This seems to be the only way to clear the records and start that the principle”.
But in any case, do not call misleading .
“individuals who use this type of apps should understand that any encryption can be broken,” he tells BBC News Stephen Gates, head of research intelligence firm NSFOCUS.
“No bulletproof encryption, only ‘stronger encryption.’ “
No comments:
Post a Comment