iPhone 12 poses potential security risk for WhatsApp users

Transferring messages to your new iPhone 12 may compromise WhatApp’s most important feature

WhatsApp, Web app, Messaging

WhatsApp users who plan to purchase the new iPhone 12 will use a similar method to transfer their chat history to their new phone as they would to transfer their iMessage chats. According to Forbes, this may negate WhatsApp’s most critical features: security.

WhatsApp and iMessage are end-to-end encrypted, so only senders and recipients should be able to read these messages. If you purchase the new iPhone 12, you can transfer your message accounts and histories from your previous phone to your new one.

However, message security differs between iMessage and WhatsApp, and transferring your messages could compromise the end-to-end encryption.

According to WhatsApp: “Backup your chat history and media to iCloud so if you lose your iPhone or switch to a new one, your chat history is safe.” The issue is, unlike iMessage, WhatsApp doesn’t provide end-to-end encryption for backed up media and messages while they’re in iCloud.

By backing up messages to iCloud, you’re providing Apple with the key to your data. For example, a warrant may force Apple to give law enforcement officials access to your WhatsApp backups. This nullifies WhatsApp’s end-to-end encryption.

iMessage used to have the same problem with iCloud backups negating end-to-end encryption. In 2017, iOS 11 addressed this issue. Now, when you get a new Apple device, you can upload your messages by enabling “Messages in iCloud” in iCloud settings, which maintains end-to-end encryption and protects your information with a unique key only the user knows.

According to Apple: “If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages.”

You can avoid this security flaw altogether by not backing up WhatsApp messages to iCloud, but you risk losing your message history if you lose or change your phone.

WhatsApp users can also preserve the encryption by backing up their phones to a Mac or PC and restore from there. They can also use offline device-to-device migration. The issue here is, WhatsApp recommends neither of these alternatives for transferring messages to a new phone.

WhatsApp is working on an update to provide a secure way of transferring message history to a new iPhone 12. The solution will have multiple linked devices and end-to-end encrypted backups for full message histories on all devices. Unfortunately, these solutions won’t be available when the new iPhone 12 first hits stores.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022