WhatsApp rolls out end-to-end encryption for chat backups

WhatsApp rolls out end-to-end encryption for chat backups

By

WhatsApp-WhatsApp encrypted chat backup, WhatsApp end-to-end encrypted backup chat, WhatsApp chat backup, WhatsApp chat function-WhatsApp said it will add support for this feature in the next few weeks to provide additional security protection for those who need it.

The Facebook-owned service announced a major privacy update, and it will now add end-to-end encryption to chat backups. All messages and calls on the platform have been end-to-end encrypted-which means that no third party, including WhatsApp, can access them. But users rely on backups to save and restore their chat history, especially when they switch devices. So far, chat backups are unencrypted, so they can be easily accessed by others.

WhatsApp said it will add support for this feature in the next few weeks to provide additional security protection for those who need it. The company explained: “If someone chooses to use end-to-end encryption to back up their chat history, only they can access it. No one can unlock their backup, not even WhatsApp.”

But the backup service provider, whether it is Apple or Google, will have access to the end-to-end encryption key or their end-to-end encrypted backup. For iOS users, the only option for chat backup is iCloud, while on Android, users usually rely on Google Drive.

According to Facebook, this is a “very big privacy improvement” considering their 2 billion users who send more than 100 billion messages every day. WhatsApp stated that it believes “this will enable our users to make meaningful progress in personal information security.”

In the coming weeks, end-to-end encryption will be released as an optional feature to iOS and Android users. So it will not be turned on by default. WhatsApp users will have to create passwords or rely on the use of 64-bit encryption keys to access encrypted chats. In addition, as shown in the picture above, if users forget their passwords, WhatsApp cannot help them recover their accounts.

WhatsApp also released a white paper explaining how this feature works. The backup is encrypted with the password provided by the user, and the password is not known to WhatsApp, the user’s mobile device cloud partner, or any third party.

In addition, the encryption key is stored in the hardware security module (HSM) backup keystore, which will allow users to recover the key if the device is lost or stolen, thereby regaining access to their account and chat. The HSM in most mobile phones “is responsible for enforcing password verification attempts and making the key permanently inaccessible after a certain number of failed access attempts.”

Facebook stated that “these security measures prevent brute force attempts to retrieve the key.” If users choose a 64-bit encryption key instead of a password, they must ensure that they remember this encryption key or manually store it somewhere. In this case, the key will not be sent to the HSM backup key vault.

You may also like

%d bloggers like this: