Facebook, which owns WhatsApp, said that with its end-to-end encrypted backups, the entire messaging process is now more secure, even when stored in the cloud. It claims that no other messaging service on the WhatsApp domain “provides this level of general security for users’ content”.
The update means that in addition to the encryption provided by cloud storage solutions such as iCloud, Google Drive and Dropbox, the backup file will also be encrypted.
The company says that the new feature will provide users with more privacy and security for their digital conversations. It will be made available not all at once, but slowly across the world “to ensure a consistent and reliable user experience for people on iOS and Android.”
“WhatsApp is built on a simple idea: What you share with your friends and family stays between you,” Facebook CEO Mark Zuckerberg said.
The company added end-to-end message encryption about five years ago, and this protects about 100 billion messages per day that are shared between two billion users.
Users can use the feature to secure end-to-end encrypted backups using a password or a 64-digit encryption key known only to them.
Neither WhatsApp nor the backup service provider, whether Apple, Google, Microsoft or Dropbox, will be able to read the backups or access the key needed to unlock them.
People can already back up their WhatsApp message history via cloud-based services such as Google Drive and iCloud.
WhatsApp does not have access to these backups, and they are secured by individual cloud storage services.
But now, if people choose to enable end-to-end encrypted (E2EE) backups, neither WhatsApp nor the backup service provider will be able to access the backup or the backup encryption key.
To enable E2EE backups, Facebook has developed an entirely new encryption key storage system that works with both iOS and Android.
With E2EE backups enabled, backups will be encrypted using a unique, randomly generated encryption key. Users can then choose to manually lock the key or use a password associated with their WhatsApp account.
When someone chooses a password, the key is stored in the Backup Key Vault, which is built around a component called a hardware security module (HSM). This is a specialized, secure device that can be used to securely store encryption keys, which cannot be accessed without the correct password.
And when the account owner needs to access their backup, they can access it using their own encryption key, or they can use their personal password to retrieve the encryption key from Backup Key Vault and decrypt the private backup.
The Backup Key Vault will be responsible for enforcing password verification attempts and making the key permanently inaccessible after a limited number of unsuccessful attempts to access it, effectively rendering the backup file unavailable.
“These security measures protect against brute force attempts to recover the key,” Facebook added.