To enhance the privacy of personal chats, images and videos, WhatsApp said it will allow users to encrypt the backups they store on services such as iCloud on iPhones and Google Drive on Android.
The Facebook-owned company has provided end-to-end encryption of chats between the sender and the receiver for more than a decade. But there is no option that allows users to encrypt chat backup.
The new security feature will be made available in the coming weeks, the company said.
“Our primary focus is on protecting people’s messages,” Will Cathcart, head of WhatsApp, said.
“That's why we've used end-to-end encryption for messages in-transit, why we’re adding easy ways for private messages to disappear and now strong backup encryption to protect the messages you want to keep.”
The National looks at the new feature and explores the possibilities it will open up for users.
What is the new security feature?
Currently, users can store their WhatsApp history on cloud-based storage services like iCloud or Google Drive, where the backups are protected by the individual service providers.
But the backups are not stored in an encrypted format and can be accessed stealthily by third parties or even cybercriminals. The new feature will let users opt for end-to-end encrypted (E2EE) backups as well.
“Neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key,” the company said.
How does E2EE backup work?
To enable E2EE backups, the company has developed a new system for encryption key storage that works with both iOS and Android. Using the system, users will be able to generate encryption keys and passwords.
With E2EE backups enabled, the stored content will be encrypted with a “unique, randomly generated encryption key”. Users can choose to secure the key manually or with a password.
“When someone opts for a password, the key is stored in a backup key vault that is built based on a component called a hardware security module [HSM] – [a] specialised, secure hardware that can be used to securely store encryption keys,” WhatsApp said.
When the account owner wants to access their backup, they can access it with their encryption key or they can use their personal password to retrieve their encryption key from the HSM and decrypt their backup.
How safe is HSM?
The HSM will be responsible for enforcing limits on password verification attempts, and it could make the key permanently inaccessible after a limited number of unsuccessful attempts to access it.
“These security measures provide protection against brute-force attempts to retrieve the key. WhatsApp will know only that a key exists in the HSM. It will not know the key itself,” the company said.
How can users access a secured WhatsApp backup?
Users need to perform three steps to retrieve the secured backup:
- Enter the encrypted password.
- Once the password is verified, the backup key vault will send the encryption key back to the user.
- With the key in hand, the users can decrypt the backups.
Alternatively, if an account owner has chosen to use the 64-digit key alone, they will have to manually enter the key to decrypt and access their backups.
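A minimal model of the attempt-limited key vault and the password-based retrieval steps described above, added here as an illustration; it is not WhatsApp's code or protocol. The class name, the limit of five attempts and the PBKDF2 password verifier are assumptions, and the vault object stands in for the HSM.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit; the article does not state the real number


def _verifier(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so the vault never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class BackupKeyVault:
    """Toy stand-in for the HSM-based vault (hypothetical name)."""

    def __init__(self):
        self._records = {}  # account id -> record

    def register(self, account: str, password: str, backup_key: bytes) -> None:
        salt = secrets.token_bytes(16)
        self._records[account] = {
            "salt": salt,
            "verifier": _verifier(password, salt),
            "key": backup_key,
            "attempts_left": MAX_ATTEMPTS,
        }

    def retrieve(self, account: str, password: str) -> bytes:
        rec = self._records.get(account)
        if rec is None or rec["key"] is None:
            raise PermissionError("key is permanently inaccessible")
        # Spend the attempt before checking, so every guess is counted.
        rec["attempts_left"] -= 1
        guess = _verifier(password, rec["salt"])
        if hmac.compare_digest(guess, rec["verifier"]):
            rec["attempts_left"] = MAX_ATTEMPTS  # success resets the counter
            return rec["key"]
        if rec["attempts_left"] == 0:
            rec["key"] = None  # destroy the key: the right password now fails too
        raise ValueError("wrong password")


if __name__ == "__main__":
    vault = BackupKeyVault()
    key = secrets.token_bytes(32)  # the unique, randomly generated backup key
    vault.register("alice", "constructed-sample-password", key)
    print(vault.retrieve("alice", "constructed-sample-password") == key)
```

Because the counter lives inside the vault rather than on the phone or with the cloud provider, a copy of the encrypted backup alone gives an attacker no way to test password guesses offline.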