WhatsApp has just made official one of the most anticipated and demanded security options by users. In the coming weeks, the messaging service will incorporate the backups with end-to-end encryption in its apps for iOS and Android.
In this way, WhatsApp intends to add an extra layer of security to the backups that users create based on their chats, and stored in cloud services like Google Drive or iCloud. It is possibility was rumored for a long time, and fortunately now it is a reality.
As explained by the platform, end-to-end encrypted backup copies will be inaccessible not only to WhatsApp, but also for cloud services where they are stored. It is worth noting that this feature will not be activated by default , but rather that each user must decide if they want to take advantage of it.
How does end-to-end encryption work in WhatsApp backups?
WhatsApp indicates that it has developed a completely new encryption key storage system; it works on both Android and iOS. By enabling this new security feature, backups will be encrypted using an automatically generated unique encryption key .
WhatsApp users will be able to choose between two alternatives to protect said encryption key. On the one hand, they can do it manually, according to the method they deem convenient. On the other hand, they will have the possibility to protect it with a password. In the case of choosing the second option, the encryption key will be stored in a physical device called Backup Key Vault ; it is based on an HSM, or Hardware Security Module . It is a component intended purely and exclusively for the protection of encryption keys.
Thus, then, those who want to access their backups with end-to-end encryption must necessarily use the encryption key in question. If you decide to protect it through Backup Key Vault, something important must be taken into account: if the system detects that the password that is entered to reveal the encryption key is incorrect, it will be permanently inaccessible after a minimum number of attempts . In this way, WhatsApp aims to avoid brute force attacks. In addition, Facebook ensures that it will only know that there is a key stored in the HSM, but not the key itself.
More security options for the world’s most popular messaging service
Without a doubt, the WhatsApp announcement is very interesting, and comes at a time when users are increasingly concerned about the privacy of their information online . In fact, the platform has taken measures to avoid inconveniences in cases of a massive interruption in the service.
According to WhatsApp, the Backup Key Vault service “will be geographically distributed in multiple data centers” . This will ensure that the encryption keys will be accessible to users at all times, regardless of when they want to access their encrypted backups .