Think You Deleted Those WhatsApp Chats? Guess Again

For a number of great reasons, WhatsApp is an instant message client worth using. It can be used on your mobile device, or on the desktop (through the mobile device). It's reliable, fast, and best of all, secure. A couple of months ago, we learned that Facebook deployed always-on encryption in the app, making an already great chat client even better and more secure.

Well, let's back things up just a tad. While WhatsApp does in fact use end-to-end encryption, and there's no fault there, an iOS researcher discovered a gaping flaw: deleted chats are not actually deleted (hmmm, that sounds familiar).

To the user, deleting a WhatsApp conversation will give the impression that it's actually deleted, but in reality, the data remains in storage, able to be retrieved by those who know what they're doing - either remotely, or locally with the right retrieval tools.

WhatsApp

The issue is tied to the app's database software, SQLite. When data is deleted, it's marked as "free" (similar to how SSD data was handled before TRIM made its introduction), and thus can be retrieved by those who know that it's there. The fix, fortunately, would be simple: upon delete, overwrite the data.

The researcher who discovered this flaw, Jonathan Zdziarski, notes that there's no sign that WhatsApp is retaining data on purpose, or that it was even aware of the flaw. He offers a couple of simple potential fixes, including overwriting the data and encrypting the data from the start, rather than just encrypting on-the-fly during transmission.

Up to this point, Facebook has not chimed in with acknowledgment of this issue, but given its severity, we can't imagine that it will take much longer for the company to make a statement.


Show comments blog comments powered by Disqus