Friday, March 29, 2024

WhatsApp brings end-to-end encryption to your Google Drive chat backups

Share

Encrypted backups cannot be accessed by WhatsApp or the backup service provider.

whatsapp-logo.jpg

What you need to know

  • Popular messaging app WhatsApp will soon enable end-to-end encryption for backups in Google Drive and iCloud.
  • The feature will roll out to users on Android and iOS in the coming weeks.
  • Encrypted backups will ensure nobody else can access your messages.

WhatsApp announced on September 10 that it will soon allow users to protect their message backups using end-to-end encryption. While WhatsApp already allows users to back up their message history via Google Drive and iCloud, they are currently secured by the cloud-based storage services.

🎉 WhatsApp is the leading global messaging service to offer *both* end-to-end encrypted messaging and backups on iCloud or Google Drive. 🎉So you can make sure that bestie’s voice messages and mum’s secret recipe will be safely stored in a place only you can access.

— WhatsApp (@WhatsApp) September 10, 2021

Facebook says it created an all-new system for encryption key storage to make end-to-end encryption possible for backups on both Android and iOS. Once you enable end-to-end encryption, your backups will be encrypted with a unique, randomly generated encryption key. You can secure the key manually or with a password.

whatsapp-e2ee-backups-1.jpg

When you choose to use a password, the encryption key is stored in a Backup Key Vault that is “built based on a component called a hardware security module — specialized, secure hardware that can be used to security store encryption keys.” You can access the backup using your encryption key or your personal password to retrieve the key from the Backup Key Vault.

whatsapp-e2ee-backups-2.jpg

The encryption key will be rendered permanently inaccessible after a “minimal number” of unsuccessful attempts to access it. This, Facebook says, will help prevent brute-force attempts to retrieve the key.

ChatD, which is WhatsApp’s front-end service, will implement a protocol to send the encryption keys to and from the app’s servers. The contents of the encrypted messages, however, will not be accessible to ChatD. WhatsApp also clarifies that it will only know a key exists in the HSM, but not the key itself.

The HSM-based Backup Key Vault service will be located across multiple Facebook data centers to prevent outages and ensure that it operates reliably for over 2 billion WhatsApp users.

The feature will roll out to users on the best Android phones and iPhones over the coming weeks.

Table of contents

Read more

More News