U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

WhatsApp doesn’t properly physically erase user’s deleted messages

WhatsApp doesn’t properly erase your deleted messages, researcher reveals Are you using WhatsApp? There is an interesting news for you, the popular instant messaging app doesn’t properly erase the user’s deleted messages. The issue was reported by the popular iOS security researcher Jonathan Zdziarski who is warning about the risks for the users’ privacy. The flaw […]

WhatsApp doesn’t properly physically erase user’s deleted messages

WhatsApp doesn’t properly erase your deleted messages, researcher reveals

Are you using WhatsApp? There is an interesting news for you, the popular instant messaging app doesn’t properly erase the user’s deleted messages.

The issue was reported by the popular iOS security researcher Jonathan Zdziarski who is warning about the risks for the users’ privacy.

The flaw could be exploited by attackers to snoop on user’s private conversations, even when they gave been “deleted.”

Zdziarski was analyzing the latest version of the popular app when discovered traces of previously deleted messages. Data are not physically deleted allowing an expert to recover it with certainly data forensic tools.

“Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you “Clear All Chats”. In fact, the only way to get rid of them appears to be to delete the app entirely.” states the blog post published by Zdziarski.

whatsapp data

The issue represents a serious problem for users that live in an oppressive country, there is the concrete risk that authorities access sensitive conversations by physically accessing the mobile device.

“Just to be clear, WhatsApp is deleting the record (they don’t appear to be trying to intentionally preserve data), however the record itself is not being purged or erased from the database, leaving a forensic artifact that can be recovered and reconstructed back into its original form.” wrote the expert.

The issue is common among applications that uses SQLite, this specific database by default doesn’t delete data on iOS. Every time a record is deleted, it is added to a “free list,” instead its physical deletion. Free records will get overwritten is a second time, for example when the database needs the extra storage.

“If you delete large chunks of messages at once, this causes large chunks of records to end up on this “free list”, and ultimately takes even longer for data to be overwritten by new data. There is no guarantee the data will be overwritten by the next set of messages. In other apps, I’ve often seen artifacts remain in the database for months.” explained the expert.

Among other applications that suffer a similar problem, there is the popular Apple iMessageas explained by Zdziarski.

“Apple’s iMessage has this problem and it’s just as bad, if not worse. Your SMS.db is stored in an iCloud backup, but copies of it also exist on your iPad, your desktop, and anywhere else you receive iMessages. Deleted content also suffers the same fate.” he said.

Other applications like Signal doesn’t leave forensics trace, according to Zdziarski:

“Signal leaves virtually nothing, so there’s nothing to worry about.”

It is curious to note that Zdziarski has included in the analysis the instructions to fix the problem.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Whatsapp, mobile forensic)