Moscow, Russia - July 20, 2017 - ElcomSoft Co. Ltd. updates Elcomsoft eXplorer for WhatsApp, the company's all-in-one tool for extracting, decrypting and analyzing WhatsApp communication histories. The tool gains the ability to decrypt WhatsApp stand-alone backups produced by the iPhone app and stored in Apple's iCloud Drive. The decryption is possible with access to a verified phone number or SIM card, and requires authenticating into the user's Apple ID account. A WhatsApp encryption key must be only obtained once, and can be used to access all previously created and all future backups for a given combination of Apple ID and phone number. The tool provides automatic download and decryption for WhatsApp backups and comes with a built-in viewer.
"WhatsApp remains the most popular instant messaging tool in North America and Europe, and is the one communication tool most frequently picked by the criminals" says Vladimir Katalov, ElcomSoft CEO. "With our tool, investigators can now access iPhone users' encrypted WhatsApp communication histories stored in Apple iCloud Drive - provided that they have access to the user's Apple ID account and can receive a confirmation code sent to their verified phone number."
Decrypting iPhone Users' WhatsApp Backups Since December 2016, both manual and daily stand-alone backups produced by WhatsApp iPhone app and stored in the user's iCloud Drive are automatically encrypted with industry-standard AES256 encryption. The encryption key, generated by WhatsApp at the time of the first backup, is unique per each combination of Apple ID and phone number. Different encryption keys are generated for different phone numbers registered on the same Apple ID. These encryption keys are generated and stored server-side by WhatsApp itself; they are never stored in iCloud, and they cannot be extracted from the iOS device.
Elcomsoft Explorer for WhatsApp 2.10 gains the ability to retrieve cryptographic keys used to encrypt and decrypt WhatsApp's iCloud backups, successfully bypassing encryption and gaining access to WhatsApp conversation history and underlying messages. In order to generate the encryption key, experts must be able to receive a WhatsApp verification code sent to the phone number for which a given backup was created. In addition, the user's Apple ID and password (or binary authentication token) are required to gain access to the backup itself. The cryptographic key can be used to access all previously created and all future backups for a given combination of Apple ID and phone number.
Experts with access to the user's verified phone number of SIM card as well as Apple ID authentication credentials can now use Elcomsoft Explorer for WhatsApp to circumvent encryption and gain access to iCloud-stored encrypted messages
More information about Elcomsoft eXplorer for WhatsApp is available at