To expand security on its platform, WhatsApp is going to secure iCloud backup with end-to-end encryption later this year. The new security feature is built on a two-factor authentication framework for key storage and cloud storage to allow iOS and Android users to secure their chat history on iCloud and Google Drive, respectively.
Recently, a report by ProPublica claimed that WhatsApp does not support end-to-end encryption on the platform and that the company has thousands of contractors who view users’ text, photo, and video messages. Facebook, the parent company of the messaging app, clarified that WhatsApp only reads messages that have been reported on the app and said that the report was based on a misunderstanding.
Here is how WhatsApp’s upcoming end-to-end encryption system for iCloud backups will work
WhatsApp allows users to back up their messages on Apple’s and Google’s cloud services so they can transfer them to a new device or retrieve their chat history in case their smartphone gets lost or stolen. Now, the platform is going to help users secure those backups by “creating a system to provide additional security for users’ message history from WhatsApp, as well as the users’ own cloud providers and any other third parties.” And here is how the new system will work.
- The platform has created a Hardware Security Module (HSM) based Backup Key Vault that stores each user’s backup encryption keys in tamper-resistant storage, to protect content from hacks or other tampering attacks.
- When end-to-end encrypted backups are enabled, backups of users’ text messages, pictures, and photos will be encrypted with a two-factor authentication system.
- The client encrypts the chat messages and all the messaging data (i.e. text, photos, videos, etc.) that are being backed up using a random key that’s generated on the user’s device.
- The key to encrypt the backup is secured with a user-provided password. The password is unknown to WhatsApp, the user’s mobile device cloud partners, or any third party. The key is stored in the HSM Backup Key Vault to allow the user to recover the key in the event the device is lost or stolen. The HSM Backup Key Vault is responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a certain number of unsuccessful attempts to access it.
The company says that this authentication mechanism will protect users’ data “against brute force attempts” to gain access to the encryption key. Therefore, users will have to create a 64-digit encryption key instead of a password, which they will have to remember or store manually because it is not shared with the HSM Backup Key Vault. The CEO of Facebook, Mark Zuckerberg, announced the new security upgrade on the messaging app.
“We’re adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud. WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.”
WhatsApp criticized Apple’s new child protection features which would have allowed scanning of users’ photos saved on iCloud for CSAM. And it appears that the company is working to improve privacy on its own platform. Read the complete whitepaper on the new system here.