News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • WhatsApp to encrypt backup chats end-to-end for iOS and Android

    Home Forums Code Red – Security/Privacy advisories WhatsApp to encrypt backup chats end-to-end for iOS and Android

    Viewing 9 reply threads
    • Author
      Posts
      • #2389391
        Alex5723
        AskWoody Plus

        WhatsApp to encrypt backup chats end-to-end for iOS and Android on iCloud and Google Drive.

        Both Apple and Facebook won’t be able to decrypt chats even after court orders.

        WhatsApp has announced it will give its two billion users the option to upload their chat backups to Apple’s iCloud using password-protected encryption….Given that Apple holds the encryption keys for ‌iCloud‌, a subpoena of Apple or an unauthorized ‌iCloud‌ hack could potentially allow access to WhatsApp messages backed up there. Apple was reportedly pressured to not add encryption to ‌iCloud‌ Backups after the FBI complained.

        The upcoming WhatsApp feature will resolve that security vulnerability by allowing users to encrypt and password-protect their chat history before uploading it to Apple’s cloud-based platform….The rollout will make backups secure in remote ‌iCloud‌ servers by making them unreadable without an encryption key. Encrypted backups will be optional, and users will be asked to save a 64-bit encryption key or create a password that is associated with the key…

        1 user thanked author for this post.
      • #2389394
        doriel
        AskWoody Lounger

        Apple was reportedly pressured to not add encryption to ‌iCloud‌ Backups after the FBI complained.

        Interesting.

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

      • #2389395
        Alex5723
        AskWoody Plus

        Apple was reportedly pressured to not add encryption to ‌iCloud‌ Backups after the FBI complained.

        Interesting.

        The data on iCloud is encrypted by Apple.
        Apple couldn’t and still can’t stop users from encrypting data before uploading to iCloud.

        an unauthorized ‌iCloud‌ hack could potentially allow access to WhatsApp messages..

        iCloud has never been hacked.

        • #2389406
          doriel
          AskWoody Lounger

          I agree, there is some dafault encryption by Apple. If FBI asks for certain account, that is suspicious, then they could get the data, but I belive, that even Apple is not able to decrypt them. If someone uploads encrypted data, there is nothing that anyone could od about it. Thats the principle of encryption.
          I dont know, if FBI wants to have access to all accounts instantly, whenever thy want to? That is very serious invasion of privacy.

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          PRUSA i3 MK3S+

      • #2389417
        Alex5723
        AskWoody Plus

        I dont know, if FBI wants to have access to all accounts instantly, whenever thy want to? That is very serious invasion of privacy.

        The FBI wanted a backdoor to iPhones,… They know that by court order they can, and do, get iCloud data.
        No one has free access to iCloud (except China and Russia which probably have the encryption keys)

        • #2389662
          OscarCP
          AskWoody Plus

          Alex: “The FBI wanted a backdoor to iPhones,… They know that by court order they can, and do, get iCloud data.”

          Yes, but what can the FBI then do with the data if it is encrypted in such a way that not even Apple can de-encrypt it for them? Asked the Chinese or the Russians to help? And how does this “end-to-end encryption” work anway?

          Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Big Sur & sometimes, Linux (Mint)

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          Waterfox "Current" and (now and then) Chrome. also Intego AV and Malwarebytes for the Mac.

      • #2389565
        Michael Austin
        AskWoody Plus

        No one has free access to iCloud (except China and Russia which probably have the encryption keys)

        Yup 😉

        Finance, social and tech founder. Managing director of new crowd sourced games in pre-release development. Director on a new consortium to bring fractional ownership of heritage antiquities to the blockchain. My planet-wide talk show for people craving new stories by which to live is Casual Saints.
        1 user thanked author for this post.
      • #2389679
        Alex5723
        AskWoody Plus

        Yes, but what can the FBI then do with the data if it is encrypted in such a way that not even Apple can de-encrypt it for them?

        Today the iCloud data is encrypted by Apple which has the key so with a judge order Apple does forward to the FBI all the data needed.

        • #2389687
          OscarCP
          AskWoody Plus

          Alex, I was asking for an explanation of this that you wrote in this thread earlier:

          Both Apple and Facebook won’t be able to decrypt chats even after court orders.”

          As I read this, it means that when the chips are down, Apple is not necessarily promising to say: We won’t decrypt this for you, FBI, and you can tell the judge we don’t care about IT search warrants”, instead it looks like it would be saying: “We are not able to decrypt this for you, FBI, even if we wanted to, because that is how this works and, please, tell that to the judge too.”

          Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Big Sur & sometimes, Linux (Mint)

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          Waterfox "Current" and (now and then) Chrome. also Intego AV and Malwarebytes for the Mac.

      • #2389688
        Alex5723
        AskWoody Plus

        ” We are not able decrypt this for you, FBI, even if we wanted to, because that is how this works, so, please, tell that to the judge too.”

        That is exactly the answer that WhatsApp is giving every court in the world when asked to surrender users data. WhatsApp doesn’t have the keys to end-to-end encrypted massages.

        So now, backups of WhatsApp messages to iCloud and Google Drive will be privately encrypted with no way for Apple and Google to decrypt.

        1 user thanked author for this post.
        • #2389689
          OscarCP
          AskWoody Plus

          Thanks, Alex, but I really, really would like to know the answer to my one question, still unanswered, even after reading the article you have linked, as to how does this “even Apple cannot decrypt” because of end-to-end encryption (?) business that you brought along into this thread, can possibly work at all, in the first place? Does each party share with the other its public key, itself encrypted with a mystery method so powerful that not even Apple master decoders can crack, even when Apple provides it?

          If this is possible, why bother with encrypted public keys and instead mysteriously encrypt the whole back and forth exchange in the ongoing chat? In other words: Ouroborus.

          Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Big Sur & sometimes, Linux (Mint)

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          Waterfox "Current" and (now and then) Chrome. also Intego AV and Malwarebytes for the Mac.

          • #2389690
            doriel
            AskWoody Lounger

            “even Apple cannot decrypt”

            I heard this premise too. But I believe the decryption key database exists.

            Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

            HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

            PRUSA i3 MK3S+

      • #2389691
        Alex5723
        AskWoody Plus

        I heard this premise too. But I believe the decryption key database exists.

        No, it does not. Only the users has the keys.
        WhatsApp doesn’t have the keys for todays end-to-end encrypted messages.

        • #2389873
          Michael Austin
          AskWoody Plus

          OK… youse guys follow this far more closely than do I. But, for anything coming from WhatsApp/Facebook I generally take everything they claim with a semi loaded with sacks of table salt.

          Facebook Lied – It’s Reading Your Private WhatsApp Messages, from Children’s Health Defense

          Finance, social and tech founder. Managing director of new crowd sourced games in pre-release development. Director on a new consortium to bring fractional ownership of heritage antiquities to the blockchain. My planet-wide talk show for people craving new stories by which to live is Casual Saints.
      • #2389692
        Alex5723
        AskWoody Plus

        Does each party share with the other a public key encrypted with a mystery method so powerful that not even  Apple can crack?

        Apple isn’t a hacker and doesn’t crack encrypted data.

        You don’t share any key with 3rd party. It is your personal backup for you to decrypt when needed. Example : when upgrading to a new iPhone, iPad, Mac.. and restoring all WhatsApp message from iCloud.

        1 user thanked author for this post.
        • #2389694
          OscarCP
          AskWoody Plus

          Alex: “Apple isn’t a hacker and doesn’t crack encrypted data.

          Oh, I see. So what Apple would do is to give the encrypted chats saved in wherever to the FBI and tell them: “Here FBI, decrypt this and be gone. And give our regards to the Judge.”

          Yes, that might work. For the FBI, the judge, and Apple. Nobody but the user is going to be due for a visit from the Men In Black wearing dark glasses even in the very early morning.

          Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Big Sur & sometimes, Linux (Mint)

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          Waterfox "Current" and (now and then) Chrome. also Intego AV and Malwarebytes for the Mac.

          1 user thanked author for this post.
      • #2389696
        Alex5723
        AskWoody Plus

        Oh, I see. So what Apple would do is to give the encrypted chats saved in wherever to the FBI and tell them: “Here FBI, decrypt this and be gone. And give our regards to the Judge.”

        Yes, that would work.

        Or, tell the FBI what WhatsApp is been telling : ‘Get Lost’ we can’t decrypt.
        Messages could have double encryption : 64bit key + password (any length).

        1 user thanked author for this post.
    Viewing 9 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: WhatsApp to encrypt backup chats end-to-end for iOS and Android

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.