WhatsApp activates end-to-end encrypted cloud backups

WhatsApp's app in the top corner of a smartphone
(Image credit: Shutterstock)

Facebook is launching end-to-end encryption protection for WhatsApp users who want to back up their chat histories to the cloud.

The firm has devised an entirely new system for encryption key storage that means end-to-end encrypted backups will be protected with a randomly generated 64-character encryption key.

The firm's two billion users will be able to benefit from this optional feature on their primary devices when it launches in the coming days.

“For years, in order to safeguard the privacy of people’s messages, WhatsApp has provided end-to-end encryption by default ​​so messages can be seen only by the sender and recipient, and no one in between,” said WhatsApp software engineer managers, Slavik Krassovsky and Gabriel Cadden.

RELATED RESOURCE

Aberdeen Report: How a platform approach to security monitoring initiatives adds value

Integration, orchestration, analytics, automation, and the need for speed

FREE DOWNLOAD

“Now, we’re planning to give people the option to protect their WhatsApp backups using end-to-end encryption as well.

“People can already back up their WhatsApp message history via cloud-based services like Google Drive and iCloud. WhatsApp does not have access to these backups, and they are secured by the individual cloud-based storage services. But now, if people choose to enable end-to-end encrypted (E2EE) backups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key.”

All users can activate this method of backup to secure their accounts either with the key directly, or with a user password. If users choose a password, the key is stored in a Backup Key Vault that’s built on a component called a hardware security module (HSM).

When the owner needs to access their backup, they can access it with the encryption key, or use their password to retrieve their key from the HSM-based vault.

The vault enforces password verification and permanently disables the key after a number of failed attempts, however, meaning the backup will be lost forever. WhatsApp itself will only know that a key is being stored in the vault, and not what the key is.

WhatsApp isn’t the first company to enforce end-to-end encrypted backups, with Apple enforcing encryption on iCloud backups.

However, the fact Facebook’s messaging service has expanded the level of encryption it uses on its service will likely anger law enforcement agencies across the world which have railed against the technology.

The Five Eyes nations of English-speaking countries, for example, have time after time asked for tech companies to water down or undermine the application of end-to-end encryption in their services.

The group, for example, handed tech giants an ‘ultimatum’ in September 2018 to voluntarily insert a backdoor for law enforcement into their platforms. They have followed this up with repeated calls for a backdoor, and in October 2020, again, urged companies to implement a backdoor by-design into their services.

Keumars Afifi-Sabet
Contributor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.