Facebook-owned messaging app WhatsApp has now come up with end-to-end encryption for chat back-ups. Earlier, there was no encryption which even attracted malicious hackers. WhatsApp claims that it is the first and the only company to have introduced this level of security for shared messages – from sending and transit, to receiving and storing in the cloud.
WhatsApp has unveiled this security feature so that the technical community can get prepared with a new approach before the launch of its beta version and then for all the app users.
WhatsApp end-to-end encryption feature for chat backups will be launched as an optional feature in the next few weeks to iOS and Android users.
If one looks at the current scenario, WhatsApp chat backups depend on mobile device cloud partners such as in Apple iCloud or Google Drive. This was not protected by WhatsApp’s end-to-end encryption feature.
Now with this feature becoming the reality, WhatsApp will secure backups with end-to-end encryption before these chats get uploaded to the cloud services. With this feature, the company has made an HSM (Hardware Security Module) based Backup Key Vault to securely store per-user encryption keys for user backups in tamper-resistant storage. This further ensures stronger security for chats.
With the introduction of this feature, the client encrypts the chat messages and data (text, photos, videos, etc) with the help of a random key that’s generated on the user’s device.
The key is further protected with a user-provided password that is not known to WhatsApp, the user’s mobile device cloud partners, or any third party. The key is kept in the HSM Backup Key Vault sol that users can easily retrieve in times of emergencies.