After introducing end-to-end encryption in mobile chats last year, WhatsApp has quietly added new security features to its iCloud backup feature. The iCloud backup encryption has been a feature for some time but it has come out in the open only now, Forbes reported on Tuesday. The messages and chats in iCloud backups are uploaded on Apple servers. “Without any fanfare, it added a unique encryption key created by the WhatsApp app, rather than just relying on the iCloud Drive to protect customer data,” the report added. This comes on top of the end-to-end encryption rolled out for one billion WhatsApp users on mobile platforms.
“When a user backs up their chats through WhatsApp to iCloud, the backup files are sent encrypted,” a WhatsApp spokesperson was quoted as saying. But one Russia-based security company called Oxygen Forensics has claimed to circumvent the encryption. “So what Oxygen does is download data backed up by WhatsApp, and they then require a SIM-card with the same number as the user so they can receive the verification code. They can then generate the key and decrypt downloaded data,” the report said.
What this means is that government officials with access to a SIM card can potentially use it to still gain access to encrypted messages stored in iCloud.WhatsApp rolled out the encryption to all of its platforms and users in April last year.