WhatsApp has launched end-to-end encrypted backups that allow users to protect all stored messages, photos, videos and calls with a password or a 64-digit key.
The feature is rolling out globally to iOS and Android users to provide an “optional extra layer of protection” for existing backups, according to a spokesperson for the social media giant.
Facebook, which owns WhatsApp, said that with its end-to-end encrypted backups, the entire messaging process is now more secure, even when messages are stored in the cloud.
The update means that in addition to the encryption provided by cloud storage solutions such as iCloud, Google Drive and Dropbox, the backup file will also be encrypted.
The company says that the new feature will provide users with more privacy and security for their digital conversations.
The rollout will not happen all at once, but slowly across the world “to ensure a consistent and reliable user experience for people on iOS and Android.”
“WhatsApp is built on a simple idea: What you share with your friends and family stays between you,” Facebook CEO Mark Zuckerberg said.
People can already back up their WhatsApp message history via cloud-based services such as Google Drive and iCloud. WhatsApp does not have access to these backups, and they are secured by individual cloud storage services.
But now, if people choose to enable end-to-end encrypted (E2EE) backups, neither WhatsApp nor the backup service provider will be able to access the backup or the backup encryption key.
When someone chooses a password, the key is stored in the Backup Key Vault, which is built around a component called the Hardware Security Module. This is a specialized, secure device that can be used to securely store encryption keys, which cannot be accessed without the correct password.
And when the account owner needs to access their backup, they can access it using their own encryption key, or they can use their personal password to retrieve the encryption key from Backup Key Vault and decrypt the private backup.
The vault will be responsible for enforcing a limit on password verification attempts and making the key permanently inaccessible after a limited number of unsuccessful attempts to access it – effectively rendering the backup file unavailable.
“These security measures protect against brute force attempts to recover the key,” Facebook added.
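The attempt limit described above, as an added sketch that is not WhatsApp's code or part of the original article: a toy in-memory vault that counts failed password checks and destroys the key once the limit is reached. The class and method names, the limit of 3 used in the demo and the counter reset on success are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class KeyUnavailable(Exception):
    """The vault will not (or can no longer) release a key for this account."""

def _verifier(password: str, salt: bytes) -> bytes:
    # Slow password hash, so the vault never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class BackupKeyVault:
    """Toy stand-in for the HSM-backed vault (hypothetical API)."""

    def __init__(self, max_attempts: int = 10):  # assumed limit
        self.max_attempts = max_attempts
        self._records = {}

    def register(self, account: str, password: str, backup_key: bytes) -> None:
        salt = os.urandom(16)
        self._records[account] = {"salt": salt, "key": backup_key, "failures": 0,
                                  "verifier": _verifier(password, salt)}

    def retrieve(self, account: str, password: str) -> bytes:
        rec = self._records.get(account)
        if rec is None or rec["key"] is None:
            raise KeyUnavailable("no key held for this account")
        # Charge the attempt before checking, so an interrupted check still counts.
        rec["failures"] += 1
        if hmac.compare_digest(_verifier(password, rec["salt"]), rec["verifier"]):
            rec["failures"] = 0  # assumed: a correct password resets the counter
            return rec["key"]
        if rec["failures"] >= self.max_attempts:
            rec["key"] = None  # permanent: the right password fails from now on
        raise KeyUnavailable("wrong password")

def demo() -> dict:
    vault = BackupKeyVault(max_attempts=3)
    key = os.urandom(32)  # constructed sample backup key
    vault.register("alice", "correct horse", key)
    results = {"owner_ok": vault.retrieve("alice", "correct horse") == key}
    failed = 0
    for guess in ("123456", "password", "qwerty"):  # constructed guesses
        try:
            vault.retrieve("alice", guess)
        except KeyUnavailable:
            failed += 1
    results["failed_guesses"] = failed
    try:
        vault.retrieve("alice", "correct horse")
        results["locked_out"] = False
    except KeyUnavailable:
        results["locked_out"] = True
    return results
```

Because the counter lives inside the vault rather than in the backup file, copying the encrypted backup out of cloud storage gives an attacker no way to guess passwords offline against the vault-held key.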
Source: Daily Mail