

This blog post examines how WhatsApp’s backups work by performing Man-in-the-Middle attacks, and explores the behavior of creating and restoring an end-to-end encrypted backup.


This blog post is a technical report of a presentation that I gave on Jfor the second task of my Mobile Security course. I decided to investigate how WhatsApp backs up messages to the cloud with the “end-to-end encrypted backups” option toggled on and off. WhatsApp is a cross-platform instant messaging app used by “more than 2 billion users in 180 countries”. Available for Android, iPhone and Mac/Windows PC, “WhatsApp is free and offers simple, secure, reliable messaging and calling, available on phones all over the world”. The focus of this blog post is to investigate a service that WhatsApp offers: backing up messages to a cloud service provider. On Android devices, WhatsApp uploads a backup of a client’s messages to Google Drive, whereas the backup is uploaded to iCloud for iPhones. Additionally, WhatsApp has the option to “end-to-end encrypt” these backups to the cloud provider, a feature that is switched off by default and that users have to switch on themselves, as shown in Figure 1. A large part of the motivation for this blog post stems from why this isn’t toggled on by default.
