Facebook-owned messaging platform WhatsApp will let users fully encrypt their backups, the company has announced.
“We’re adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud,” Facebook CEO, Mark Zuckerberg, said in a statement.
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” Zuckerberg added.
Unique encryption key
If users choose to enable end-to-end encrypted (E2EE) backups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key, the company explained in a post.
“With E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password,” the statement said.
If a user opts for a password to secure the key, the key will be stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM).
Account owners can access their encrypted backup with the key when needed, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.
“The HSM-based Backup Key Vault will be responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a limited number of unsuccessful attempts to access it,” it added.
WhatsApp will only know that a key exists in the HSM. It will not know the key itself, it further clarified.
Complete privacy
While storing a key in the vault, the client connections and client-server authentication will be managed by WhatsApp’s front-end service, ChatD.
“It will implement a protocol that sends the keys to the backups to and from WhatsApp’s servers. The client and HSM-based Backup Key Vault will exchange encrypted messages, the contents of which will not be accessible to ChatD itself,” WhatsApp said.
When encryption is enabled, the backups will be generated as a continuous stream of data that is encrypted using symmetric encryption with the generated key. Once encrypted, a backup can then be stored off device (e.g., to iCloud or Google Drive).
“WhatsApp serves over 2 billion people, and one of the core challenges of this product was to make sure the HSM-based Backup Key Vault operates reliably. To help ensure that the system is always available, the HSM-based Backup Key Vault service will be geographically distributed across multiple data centers to keep it up and running in case of a data center outage,” the company added.
Password or key
In order to retrieve the backup, users will enter their password, which is encrypted and then verified by the Backup Key Vault.
Once the password is verified, the Backup Key Vault will send the encryption key back to the WhatsApp client. Once the key is received, the WhatsApp client can then decrypt the backups.
Also see: Start-ups body slams FB’s contract staff reviewing WhatsApp ‘reported’ chats
Alternatively, if an account owner has chosen to use the 64-digit key alone, they will have to manually enter the key themselves to decrypt and access their backups.
E2EE backups will be available on iOS and Android in the coming weeks.
Transfer chat history
Most recently, WhatsApp also introduced a new feature that lets users transfer chat history from one operating system to another when switching phones.
It would let users move their WhatsApp history from iOS to Android. It also includes voice messages, photos and videos. To begin with, this feature is available on any Samsung device running Android 10 or higher, and will be available on more Android devices soon, it had said.
When a user sets up a new device, they will be provided with the option to transfer their chats from their old device to their new one. This process will require a USB-C to Lightning cable.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.