Spread the love

Elcomsoft Explorer for WhatsApp 2.10 adds the ability to extract and decrypt WhatsApp stand-alone backups created in iCloud Drive. The tool can obtain a WhatsApp encryption key by registering itself as a new device. Access to user’s iCloud authentication credentials and their verified phone number is required to generate the encryption key.

Elcomsoft Explorer for WhatsApp 2.10 adds the ability to access iPhone users’ WhatsApp conversation histories by extracting and decrypting WhatsApp stand-alone backups from iCloud Drive. Access to the user’s iCloud account and their verified phone number (SIM card) is required to obtain the encryption key and decrypt the backup.

Since last year, both manual and daily stand-alone backups stored by WhatsApp in iCloud Drive are automatically encrypted. The encryption key, generated by WhatsApp when the user makes a backup for the first time, is unique per each combination of Apple ID and phone number. Different encryption keys are generated for different phone numbers registered on the same Apple ID. These encryption keys are generated and stored server-side by WhatsApp itself; they are never stored in iCloud or on the device.

If a SIM card with a verified phone number is available, Elcomsoft Explorer for WhatsApp 2.10 can now access the encryption key by registering itself with WhatsApp as a new device. Once obtained, the encryption key will be used to decrypt WhatsApp stand-alone backups (iCloud authentication credentials or binary authentication token required).

At this time, Elcomsoft Explorer for WhatsApp 2.10 supports all of the following WhatsApp acquisition methods:

(new) Extracting and decrypting WhatsApp stand-alone backups from iCloud Drive
Extracting WhatsApp data from iOS system backups (iTunes)
Downloading and extracting WhatsApp data from iOS cloud backups (iCloud)
Extracting WhatsApp databases from rooted Android devices (all versions of Android; root access required)
Producing and extracting WhatsApp backups on pre-Android 7 devices without root access

You can find more information about Elcomsoft Explorer for WhatsApp at
https://www.elcomsoft.com/exwa.html

Current State of WhatsApp Security

Despite recent discoveries regarding WhatsApp encryption of the tool’s iCloud backups, the app’s end-to-end message delivery still remains secure, and the messaging service remains one of the most secure on the market. WhatsApp securely encrypts messages sent and received, and makes use of encryption when producing cloud backups. Decrypting WhatsApp-produced backups requires access to the trusted phone number or SIM card, as well as access to the user’s Apple ID account.

WhatsApp does not keep communication histories on their servers, making them unavailable to hacker attacks. For the same reason, government requests result in very limited data. As a result, acquisition is only possible from physical devices, iOS system backups or proprietary WhatsApp backups.