Messaging giant WhatsApp is set to roll out end-to-end encrypted (E2EE) backups later this year, in what privacy campaigners claim to be another win for user privacy and security.
The Facebook-owned company said it had designed an entirely new system for encryption key storage to support the new service.
“With E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password. When someone opts for a password, the key is stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM) — specialized, secure hardware that can be used to securely store encryption keys,” explained WhatsApp’s Slavik Krassovsky and Gabriel Cadden.
“When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.”
In order to mitigate the risk of brute force attacks, keys will be rendered permanently inaccessible after a limited number of failed attempts. The firm pointed out that while it will know that a key exists in the HSM, it will not know the key itself — maximizing security.
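A minimal model of the attempt-limited key retrieval described above, as an added example that is not WhatsApp's code. The class and method names, the scrypt password check, the counter reset and the attempt limits are assumptions; the article does not describe the real protocol, and a hardware HSM enforces in silicon what this class only simulates.

```python
import hashlib
import hmac
import secrets


class VaultLocked(Exception):
    """The key was destroyed after too many failed password attempts."""


class BackupKeyVault:
    """Toy stand-in for the HSM-based vault (hypothetical design)."""

    def __init__(self, max_attempts=10):  # the limit is an assumed value
        self.max_attempts = max_attempts
        self._records = {}

    @staticmethod
    def _verifier(password, salt):
        # Slow, salted hash so the stored verifier is costly to guess offline.
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

    def register(self, account, password, backup_key):
        salt = secrets.token_bytes(16)
        self._records[account] = {"salt": salt, "verifier": self._verifier(password, salt),
                                  "key": backup_key, "failures": 0}

    def has_key(self, account):
        # Models what the operator can learn: that a key exists, not its value.
        rec = self._records.get(account)
        return rec is not None and rec["key"] is not None

    def retrieve(self, account, password):
        rec = self._records[account]
        if rec["key"] is None:
            raise VaultLocked(account)
        if hmac.compare_digest(self._verifier(password, rec["salt"]), rec["verifier"]):
            rec["failures"] = 0  # assumption: a success resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            # Permanent: wipe key and verifier so later guesses cannot succeed.
            rec["key"] = rec["verifier"] = None
        return None


if __name__ == "__main__":
    vault = BackupKeyVault(max_attempts=3)
    vault.register("alice", "correct horse", secrets.token_bytes(32))  # constructed sample
    print([vault.retrieve("alice", f"guess{i}") for i in range(3)], vault.has_key("alice"))
```

Once the limit is reached, even the correct password raises `VaultLocked`, which is the property that defeats online guessing.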
Keys will be transmitted to backups, and to and from WhatsApp servers, via a protocol implemented by WhatsApp’s front-end ChatD service. However, the service will not access the encrypted messages exchanged between a client and the HSM-based Backup Key Vault.
Once encrypted, backups can also be stored to iCloud, Google Drive or other off-device locations.
WhatsApp said that, in order to ensure a stable and reliable service, the HSM-based Backup Key Vault would be geographically distributed across multiple data centers.
The move sees the Facebook-owned company offer very different user security and privacy features than Apple, which has sought to differentiate itself on its privacy credentials in recent years.
Apple received backlash when it announced, and then paused, plans to scan users’ iPhones for child abuse material. Apple offers end-to-end encrypted messages via iMessage, but retains the keys for backups, meaning it could hand them over to law enforcers if compelled.
More technical info on the WhatsApp service can be found here.