WhatsApp to Roll Out Encrypted Backups

WhatsApp to Roll Out Encrypted Backups

Messaging giant WhatsApp is set to roll out end-to-end encrypted (E2EE) backups later this year, in what privacy campaigners claim to be another win for user privacy and security.





The Facebook-owned company said it had designed an entirely new system for encryption key storage to support the new service.





“With E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password. When someone opts for a password, the key is stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM) — specialized, secure hardware that can be used to securely store encryption keys,” explained WhatsApp’s Slavik Krassovsky and Gabriel Cadden.





“When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.”





In order to mitigate the risk of brute force attacks, keys will be rendered permanently inaccessible after a limited number of failed attempts. The firm pointed out that while it will know that a key exists in the HSM, it will not know the key itself — maximizing security.





Transmission of keys to backups and to and from WhatsApp servers will be done via a protocol implemented by WhatsApp’s front-end ChatD service. However, the service will not access the encrypted messages exchanged between a client and HSM-based Backup Key Vault.





Once encrypted, ..

Support the originator by clicking the read the rest link below.