WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud

Lavanya Rao K

September 13, 2021

WhatsApp recently announced that it would be bringing end-to end encrypted chat backups to the cloud for Android and iOS users, allowing users to save information including chat messages and photographs in a cryptographically safe manner on Apple iCloud or Google Drive. This feature is expected to go live in the coming weeks and will work on primary devices tied to their accounts, not on devices such as desktops or laptops. Users may now back up their messages in a more secure way using end-to-end encrypted (E2EE) backups. WhatsApp has established an HSM (Hardware Security Module) based Backup Key Vault to securely store encryption keys for each user’s backups. When E2EE backups are enabled, the client encrypts the chat messages and all messaging data is backed up using a random key generated on the user's device before storing backups in the cloud. The key used to encrypt is protected by a user-supplied password stored in the vault, allowing for easy recovery if the device is stolen or lost.Users can also provide a 64-digit encryption key instead of a password, but the encryption key must be stored manually in this case because it will no longer be sent to the HSM Backup Key Vault. Thus, when an owner needs to access their backup, they can do so using their password or the 64 digit key, which is then used to retrieve the encryption key from the backup key vault and decrypt their backups. The vault is distributed geographically across five data centres. It is also in charge of enforcing password verification and making the key permanently inaccessible after a certain number of failed attempts, in order to protect against malicious hacker's brute-force attempts to retrieve the key. WhatsApp is the first global messaging service of this scale to offer end-to-end encrypted messaging and backups, and getting there was a technical challenge that necessitated the development of an entirely new key storage and cloud storage framework across operating systems.

Abridged fromThe Hacker News