Facebook added another layer of protection for users of its WhatsApp encrypted mobile messaging service in late 2016, quietly introducing a new feature that encrypts messages and contacts when uploading this data to Apple’s iCloud servers, according to a Forbes report earlier this week.
According to the report, WhatsApp users backing up information to the iCloud Drive now enter a texted verification sent by the messaging service, thereby generating a unique key that is used to encrypt the data uploaded to Apple’s servers. A separate Tripwire report noted that Apple was already using a minimum of 128-bit AES encryption to encrypt users’ information when accepting uploads and storing user data, but this feature enhances security even further.
Forbes said its reporters learned of the WhatsApp upgrade last week after hacking tool supplier Oxygen Forensics began promoting a new feature that it claims can defeat the added encryption. However, the process is rather “clunky” and works only under one highly specific scenario, Forbes added.
This article originally appeared at scmagazineuk.com