Facebook founder Mark Zuckerberg announced on Friday that the company's messaging platform WhatsApp has finished building an end-to-end encryption option for the backups that people choose to store in Google Drive or iCloud.
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” he said in a Facebook post on Friday.
In a separate blog post, the company said that, in order to safeguard the privacy of people’s messages, WhatsApp already provides end-to-end encryption by default, so messages can be seen only by the sender and recipient, and no one in between. “Now, we’re planning to give people the option to protect their WhatsApp backups using end-to-end encryption as well,” wrote Slavik Krassovsky and Gabriel Cadden.
People can already back up their WhatsApp message history via cloud-based services like Google Drive and iCloud. WhatsApp said it does not have access to these backups, and they are secured by the individual cloud-based storage services.
But now, if people choose to enable end-to-end encrypted (E2EE) backups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key.
The company said to enable E2EE backups, it developed an entirely new system for encryption key storage that works with both iOS and Android. It said with E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key.
People can choose to secure the key manually or with a user password. When someone opts for a password, the key is stored in a Backup Key Vault that is built on a component called a hardware security module (HSM) — specialized, secure hardware designed to store encryption keys securely. When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.
The HSM-based Backup Key Vault will be responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a small number of unsuccessful attempts to access it. “These security measures provide protection against brute-force attempts to retrieve the key. WhatsApp will know only that a key exists in the HSM. It will not know the key itself,” WhatsApp said.
The messaging giant said its front-end service, ChatD, which handles client connections and client-server authentication, will implement a protocol that carries the backup keys to and from WhatsApp’s servers.
“The client and HSM-based Backup Key Vault will exchange encrypted messages, the contents of which will not be accessible to ChatD itself. The HSM-based Backup Key Vault will sit behind ChatD and provide highly available and secure storage for the encryption keys to the backups,” WhatsApp stated and added: “The backups themselves will be generated as a continuous stream of data that is encrypted using symmetric encryption with the generated key. With E2EE backups enabled, upon being encrypted, a backup can then be stored off device (e.g., to iCloud or Google Drive).”
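The behaviour described above (a client-generated random backup key, bound to a user password inside a vault that limits verification attempts and wipes the key after too many failures, while the front end learns only that a key exists) can be modelled in a few lines. This is an added illustration, not WhatsApp's code: the attempt limit, the PBKDF2 work factor and the counter reset on success are assumptions, and a real HSM would also hold the key in tamper-resistant hardware rather than in process memory.

```python
import hashlib
import hmac
import secrets
from typing import Optional

MAX_ATTEMPTS = 5  # hypothetical limit; the article only says "a small number"
PBKDF2_ITERATIONS = 100_000  # assumed work factor for the password verifier


def generate_backup_key() -> bytes:
    """Client side: the unique, randomly generated key that encrypts the backup."""
    return secrets.token_bytes(32)


class BackupKeyVault:
    """Simplified model of the HSM-based Backup Key Vault (not WhatsApp's code)."""

    def __init__(self, max_attempts: int = MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._records = {}  # account -> {salt, verifier, key, failures}

    @staticmethod
    def _verifier(password: str, salt: bytes) -> bytes:
        # The password itself is never stored; only a slow-hash verifier is kept.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def enroll(self, account: str, password: str, key: bytes) -> None:
        """Store the client-generated key, bound to the user's chosen password."""
        salt = secrets.token_bytes(16)
        self._records[account] = {
            "salt": salt, "verifier": self._verifier(password, salt),
            "key": key, "failures": 0,
        }

    def key_exists(self, account: str) -> bool:
        """All the front end (ChatD) learns: that a key exists, never the key."""
        rec = self._records.get(account)
        return rec is not None and rec["key"] is not None

    def retrieve(self, account: str, password: str) -> Optional[bytes]:
        """Return the key on a correct password; wipe it after too many failures."""
        rec = self._records.get(account)
        if rec is None or rec["key"] is None:
            return None
        if hmac.compare_digest(self._verifier(password, rec["salt"]), rec["verifier"]):
            rec["failures"] = 0  # assumption: a correct password resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            rec["key"] = None  # brute-force limit reached: key permanently inaccessible
        return None
```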
WhatsApp said it serves over 2 billion people, and one of the core challenges of this product was to make sure the HSM-based Backup Key Vault operates reliably. To help ensure that the system is always available, the HSM-based Backup Key Vault service will be geographically distributed across multiple data centers to keep it up and running in case of a data center outage.