WhatsApp is finally allowing users to encrypt chat backups uploaded to iCloud and Google Drive – Buzz.ie

WhatsApp has announced that all users will soon be able to store end-to-end encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS.

The Facebook-owned company, which boasts two billion users who send over 100 billion messages a day, said that the move makes WhatsApp the first global messaging service at this scale to offer end-to-end encrypted messaging and backups.

WhatsApp's introduction of end-to-end encryption (E2EE) will provide users with the ability to secure their backed up message history stored in the cloud.

While WhatsApp messages have been encrypted since 2016, the app hasnt offered end-to-end encryption of backups, which rely on iCloud or Google Drive.

This lack of encryption on the backed-up messages created a security loophole exploitable by parties ranging from law enforcement agencies to unintended malicious third parties.

But with the latest update, users will be able to opt-in to end-to-end encryption for their backups before those backups hit their cloud storage service.

Users can expect the update in the coming weeks, according to the company.

For years, in order to safeguard the privacy of peoples messages, WhatsApp has provided end-to-end encryption by default so messages can be seen only by the sender and recipient, and no one in between.

Now, the platform is planning to give people the option to protect their WhatsApp backups using end-to-end encryption as well.

People can already back up their WhatsApp message history via cloud-based services like Google Drive and iCloud. WhatsApp does not have access to these backups, and they are secured by the individual cloud-based storage services. But, while WhatsApp doesn't have access to those backups, Apple and Google potentially do.

But now, if people choose to enable end-to-end encrypted (E2EE) backups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key.

WhatsApp users will have to opt in to the new feature which will soon begin rolling out.

To enable E2EE backups, WhatsApp developed an entirely new system for encryption key storage that works with both iOS and Android.

With E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password.

When someone opts for a password, the key is stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM) specialised, secure hardware that can be used to securely store encryption keys.

When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.

The HSM-based Backup Key Vault will be responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a limited number of unsuccessful attempts to access it. These security measures provide protection against brute-force attempts to retrieve the key. WhatsApp will know only that a key exists in the HSM. It will not know the key itself.

The move arrives as Facebook faces scrutiny over its privacy polices for the messaging service. Earlier this week, ProPublica published a report highlighting how contract workers sift through millions of private messages that have been flagged by users as potentially abusive.

The nonprofit investigative organisation subsequently made clear that WhatsApp doesnt break the end to end encryption.

Read more:
WhatsApp is finally allowing users to encrypt chat backups uploaded to iCloud and Google Drive - Buzz.ie

Related Post

Comments are closed.