IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

WhatsApp activates end-to-end encrypted cloud backups

The messaging service will grant users a password-protected key when they save their chat histories to the cloud

Facebook is launching end-to-end encryption protection for WhatsApp users who want to back up their chat histories to the cloud.

The firm has devised an entirely new system for encryption key storage that means end-to-end encrypted backups will be protected with a randomly generated 64-character encryption key. 

The firm's two billion users will be able to benefit from this optional feature on their primary devices when it launches in the coming days.

“For years, in order to safeguard the privacy of people’s messages, WhatsApp has provided end-to-end encryption by default ​​so messages can be seen only by the sender and recipient, and no one in between,” said WhatsApp software engineer managers, Slavik Krassovsky and Gabriel Cadden. 

Related Resource

Aberdeen Report: How a platform approach to security monitoring initiatives adds value

Integration, orchestration, analytics, automation, and the need for speed

White text against a pink-red background - whitepaper from IBMFree download

“Now, we’re planning to give people the option to protect their WhatsApp backups using end-to-end encryption as well.

“People can already back up their WhatsApp message history via cloud-based services like Google Drive and iCloud. WhatsApp does not have access to these backups, and they are secured by the individual cloud-based storage services. But now, if people choose to enable end-to-end encrypted (E2EE) backups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key.”

All users can activate this method of backup to secure their accounts either with the key directly, or with a user password. If users choose a password, the key is stored in a Backup Key Vault that’s built on a component called a hardware security module (HSM). 

When the owner needs to access their backup, they can access it with the encryption key, or use their password to retrieve their key from the HSM-based vault. 

The vault enforces password verification and permanently disables the key after a number of failed attempts, however, meaning the backup will be lost forever. WhatsApp itself will only know that a key is being stored in the vault, and not what the key is. 

WhatsApp isn’t the first company to enforce end-to-end encrypted backups, with Apple enforcing encryption on iCloud backups.

However, the fact Facebook’s messaging service has expanded the level of encryption it uses on its service will likely anger law enforcement agencies across the world which have railed against the technology.

The Five Eyes nations of English-speaking countries, for example, have time after time asked for tech companies to water down or undermine the application of end-to-end encryption in their services. 

The group, for example, handed tech giants an ‘ultimatum’ in September 2018 to voluntarily insert a backdoor for law enforcement into their platforms. They have followed this up with repeated calls for a backdoor, and in October 2020, again, urged companies to implement a backdoor by-design into their services.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Most Popular

UK water supplier confirms hack by Cl0p ransomware gang
ransomware

UK water supplier confirms hack by Cl0p ransomware gang

16 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022