Deleted WhatsApp chat messages may be easy to recover, according to a security researcher.
Jonathan Zdziarski said in a blog post that a flaw in the messaging app could leave forensic traces of chat messages after they have been deleted, cleared or archived.
“The latest version of the app tested leaves forensic trace of all of your chats, even after you've deleted, cleared, or archived them… even if you ‘Clear All Chats',” said Jonathan Zdziarski. “In fact, the only way to get rid of them appears to be to delete the app entirely.”
He added that WhatsApp only removed pointers to messages but not the messages themselves. He tested the app and started a few threads, then archived some, cleared others and deleted a few.
He ran the “Clear All Chats” option function but nothing he did made any difference to how the deleted records were preserved.
“In all cases, the deleted SQLite records remained intact in the database,” he said. “WhatsApp is deleting the record (they don't appear to be trying to intentionally preserve data), however the record itself is not being purged or erased from the database, leaving a forensic artifact that can be recovered and reconstructed back into its original form.”
He said that SQLite does not “vacuum databases on iOS”.
“There is no guarantee the data will be overwritten by the next set of messages. In other apps, I've often seen artefacts remain in the database for months,” said Zdziarski.
“Simply preserving deleted data on a secure device is not usually a significant issue, but when that data comes off the device as freely as WhatsApp's database does, it poses a rather serious risk to privacy,” said Zdziarski .
WhatsApp chat data stored on an iPhone or iPad gets copied over from the iPhone during a backup, which means it will show up in your iCloud backup and in a desktop backup.
“Fortunately, desktop backups can be encrypted by enabling the ‘Encrypt Backups' option in iTunes. Unfortunately, iCloud backups do not honour this encryption, leaving your WhatsApp database subject to law enforcement warrants,” he said.
Zdziarski said that the way WhatsApp and other messaging services handle messages means the data could be recoverable by law enforcement.
“Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp chat logs, which may include deleted messages,” he said.
The flaw could have implications for dissidents or journalists working in repressive countries.
Privacy International technologist Dr. Richard Tynan, told SCMagazineUK.com that the potential for WhatsApp to leak the contents of deleted conversations is “extremely worrying”.
“WhatsApp is relied on by many people to provide secure end-to-end communications and thus people potentially use the app for sensitive conversations,” he said. “This announcement serves to highlight that ensuring secure communications is about more than just securing the conversation while it is in-transit; ensuring the end-point security is just as vital.”
Tynan said this issue is part of a wider problem around the reliable deletion of data.
“In February 2014, Privacy International analysed the steps taken by GCHQ to destroy devices that allegedly contained material leaked by Edward Snowden to The Guardian. To destroy the data, GCHQ literally drilled holes in specific chips inside the computers. Clearly, GCHQ did not trust Apple's hardware or software to securely delete the material and the agency physically destroyed individual chips. In the modern world of replication and backups, we need to ensure that companies that promise security, actually provide it.”
Jacob Ginsberg, senior director at Echoworx told SC that the moves WhatsApp has made with regard to encryption are “fantastic, but as this shows, unless encryption is built into the DNA of a messaging platform, there will be gaps – even as there are in iMessage”.
Tony Pepper, CEO for Egress, told SC that WhatsApp provides little control over where sensitive data resides, and the legislation it is subject to, as well as centralised visibility for an organisation.
“As a result, you're unable to see what information your staff are sharing, who they're sharing it with and what the recipients are doing with that data. If you can't ensure that, as a minimum, a product provides this level of protection and control over sensitive data, then you shouldn't be using it to share sensitive information in the workplace.”