Contact Us

WhatsApp activates end-to-end encrypted cloud backups

Cloud

Facebook is launching end-to-end encryption protection for WhatsApp users who want to back up their chat histories to the cloud.

The firm has devised an entirely new system for encryption key storage that means end-to-end encrypted backups will be protected with a randomly generated 64-character encryption key. 

The firm’s two billion users will be able to benefit from this optional feature on their primary devices when it launches in the coming days.

“For years, in order to safeguard the privacy of people’s messages, WhatsApp has provided end-to-end encryption by default ​​so messages can be seen only by the sender and recipient, and no one in between,” said WhatsApp software engineer managers, Slavik Krassovsky and Gabriel Cadden. 

“Now, we’re planning to give people the option to protect their WhatsApp backups using end-to-end encryption as well.

“People can already back up their WhatsApp message history via cloud-based services like Google Drive and iCloud. WhatsApp does not have access to these backups, and they are secured by the individual cloud-based storage services. But now, if people choose to enable end-to-end encrypted (E2EE) backups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key.”

All users can activate this method of backup to secure their accounts either with the key directly, or with a user password. If users choose a password, the key is stored in a Backup Key Vault that’s built on a component called a hardware security module (HSM). 

When the owner needs to access their backup, they can access it with the encryption key, or use their password to retrieve their key from the HSM-based vault. 

The vault enforces password verification and permanently disables the key after a number of failed attempts, however, meaning the backup will be lost forever. WhatsApp itself will only know that a key is being stored in the vault, and not what the key is. 

WhatsApp isn’t the first company to enforce end-to-end encrypted backups, with Apple enforcing encryption on iCloud backups.

However, the fact Facebook’s messaging service has expanded the level of encryption it uses on its service will likely anger law enforcement agencies across the world which have railed against the technology.

The Five Eyes nations of English-speaking countries, for example, have time after time asked for tech companies to water down or undermine the application of end-to-end encryption in their services. 

The group, for example, handed tech giants an ‘ultimatum’ in September 2018 to voluntarily insert a backdoor for law enforcement into their platforms. They have followed this up with repeated calls for a backdoor, and in October 2020, again, urged companies to implement a backdoor by-design into their services.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Spotify
Consent to display content from Spotify
Sound Cloud
Consent to display content from Sound