Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
  • County:
  • Country:
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud

September 11, 2021

WhatsApp on Friday announced it should roll out help for end-to-end encrypted chat backups on the cloud for Android and iOS customers, paving the way in which for storing info akin to chat messages and pictures in Apple iCloud or Google Drive in a cryptographically safe method.

The function, which is able to go dwell to all of its two billion customers within the coming weeks, is anticipated to solely work on the first gadgets tied to their accounts, and never companion gadgets akin to desktops or laptops that merely mirror the content material of WhatsApp on the telephones.

Whereas the Fb-owned messaging platform flipped the swap on end-to-end encryption (E2EE) for private messages, calls, video chats, and media between senders and recipients as far back as April 2016, the content material — ought to a person choose to again up on the cloud to allow the switch of chat historical past to a brand new machine — wasn’t subjected to the identical safety protections till now.

“With the introduction of end-to-end encrypted backups, WhatsApp has created an HSM ({Hardware} Safety Module) primarily based Backup Key Vault to securely retailer per-user encryption keys for person backups in tamper-resistant storage, thus making certain stronger safety of customers’ message historical past,” the corporate mentioned in a whitepaper.

“With end-to-end encrypted backups enabled, earlier than storing backups within the cloud, the shopper encrypts the chat messages and all of the messaging knowledge (i e textual content, pictures, movies, and many others) that’s being backed up utilizing a random key that is generated on the person’s machine,” it added.

To that finish, the important thing to encrypt the backup is secured with a user-furnished password, which is saved within the vault to allow simple restoration within the occasion the machine will get stolen. Alternatively, customers have the choice of offering a 64-digit encryption key as a substitute of a password — however on this situation, the encryption key should be saved manually given that it’s going to not be despatched to the HSM Backup Key Vault.

Thus when an account proprietor wants entry to their backup, it may be finished so with the assistance of the password or the 64-digit key, which, subsequently, is employed to retrieve the encryption key from the backup key vault and decrypt their backups.

The vault, in itself, is geographically distributed throughout 5 knowledge facilities and can also be liable for imposing password verification in addition to rendering the important thing completely inaccessible after a set threshold for the variety of unsuccessful makes an attempt is crossed in order to safeguard towards brute-force assaults to retrieve the important thing by malicious actors.

Unencrypted cloud backups have been a serious safety loophole utilizing which legislation enforcement businesses have been capable of entry WhatsApp chats to collect incriminating proof pertaining to prison investigations. In addressing this escape outlet, Fb is as soon as once more setting itself on the warpath with governments internationally, who’ve decried the corporate’s determination to introduce E2EE throughout all of its companies.

Fb has since adopted E2EE for Secret Conversations on Messenger and lately extended the feature for voice calls and video calls. As well as, the social media large is planning a restricted check of E2EE for Instagram direct messages.

“WhatsApp is the primary world messaging service at this scale to supply end-to-end encrypted messaging and backups, and getting there was a extremely arduous technical problem that required a wholly new framework for key storage and cloud storage throughout working techniques,” said Fb’s chief govt Mark Zuckerberg in a submit.

Posted in SecurityTags:
Write a comment