SecureMac, Inc.

ElcomSoft Expands WhatsApp Extraction Capabilities to Business Platform

June 7, 2018

WhatsApp, the popular messaging app owned by Facebook, is arguably one of the most popular means for secure communication in the world. Facebook says that more than a billion and a half users trade nearly sixty billion messages across WhatsApp every day. Because the software uses end-to-end encryption, the contents of those messages are typically shielded from prying eyes who might wish to intercept and read them. However, that does not mean WhatsApp is an impenetrable fortress. Forensic security software company ElcomSoft not only has a tool for extracting WhatsApp data from device backups but has now announced the release of a new and updated tool. This version of the ElcomSoft Explorer for WhatsApp specifically targets the latest spinoff, WhatsApp Business.

Available only on Android, WhatsApp Business features built-in security that makes it impossible to access conversational databases without root access to the device. Since this may not be possible to achieve for all users, the latest version now allows a user of the tool to extract WhatsApp data from a targeted individual’s Google Drive backups. To do this, the user must know the target’s Google ID and password, and must be able to supply a valid two-factor authentication token if two-factor authentication is activated on the account. Without physical access to a rooted device, therefore, one must already know this crucial information.

After downloading a Drive backup, users would immediately be able to view pictures and videos stored in the WhatsApp database; these do not receive the same level of encryption as other components of user chats. Conversations themselves remain sealed behind encryption. Using ElcomSoft Explorer for WhatsApp, a forensic researcher able to intercept the 2FA codes could follow a built-in procedure for receiving a valid decryption token from the WhatsApp servers. Once completed, they would have the ability to view all the targeted user’s chats in plain text.

Naturally, using this tool successfully requires a very high level of access to begin with. ElcomSoft notes that attacking cloud backups in this manner is one of the only ways to penetrate the veil of secrecy that surrounds WhatsApp conversations. Since intercepting two-factor codes is a big challenge in and of itself, cloud backups are still a reliable method for keeping one’s information secure and monitoring for unauthorized access. This is yet another good example of why using 2FA improves your security across many levels. However, users who feel a special need to take extra steps to protect their privacy could still consider disabling cloud backups for apps such as WhatsApp and WhatsApp Business.