WhatsApp To Offer End-to-End Encrypted Cloud Backups
Heads up, WhatsApp users! WhatsApp will allow you to store end-to-end encrypted (E2EE) backups of your chat history on Google Drive for Android devices or iCloud for Apple devices. This includes the option to self-manage the encryption key.
By default, WhatsApp uses end-to-end encryption so that only the sender and receiver can read messages. Currently, people can back up their WhatsApp message history through Google Drive or iCloud. WhatsApp will not be able to access these backups, which are secured by the cloud-based services.
Once the E2EE backup feature will be enabled, WhatsApp and the backup service provider will be unable to access your backup or your backup encryption key. Backups will be encrypted with a randomly generated encryption key that you can secure manually or with a password. If you choose to set up a password, the key is stored in a Backup Key Vault that is based on a hardware security module (HSM), a physical computing device that can securely store encryption keys. You can access your backup with your encryption key or use your personal password to retrieve the key from the Backup Key Vault and decrypt your backup.
The HSM-based Backup Key Vault will also enforce password verification attempts and make the key permanently inaccessible after a number of failed attempts to access it. These defences can protect you against brute-force attacks carried out to retrieve your key.
According to Facebook Chief Executive Officer Mark Zuckerberg, WhatsApp is the first of its kind to provide E2EE messaging and backups.
"WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems," said Zuckerberg in a post.
This upcoming security feature was announced two days after watchdog ProPublica debunked Facebook's claim that it does not read WhatsApp users' messages. The non-profit organisation revealed that more than 1,000 contractors were hired by Facebook to look through millions of private messages, images and videos that WhatsApp users reported as abusive.
Written by Sophia Lopez