WhatsApp announced on Friday that it will allow its more than 2 billion users to perform fully encrypted backups of their information. WhatsApp detailed this plan in a white paper before launching to iOS and Android users in the next few weeks. The purpose is to protect the backup that WhatsApp users have sent to Google Drive or Apple iCloud without an encryption key. Unable to read under.
WhatsApp users who choose to encrypt the backup will be asked to save a 64-digit encryption key or create a password bound to the key. Facebook CEO Mark Zuckerberg said in a statement: WhatsApp is the first global messaging service that provides end-to-end encrypted information and backups. It is very difficult to do this. The technical challenge requires a new framework to realize cross-operating system key storage and cloud storage.
If someone creates a password bound to their account encryption key, WhatsApp will store the related key in a physical hardware security module, namely HSM, which is maintained by Facebook and can only be used when the correct password is entered in WhatsApp Unlock. HSM is like a safe for encrypting and decrypting digital keys.
Once unlocked with the relevant password in WhatsApp, HSM will provide the encryption key, which in turn decrypts the account backup stored on Apple or Google servers. If the password is tried repeatedly, the key stored in the HSM safe of WhatsApp will be permanently inaccessible. The hardware itself is located in data centers owned by Facebook around the world to prevent internet interruption.
Will Cathcart, the head of WhatsApp, said the system is designed to ensure that no one other than the account owner has access to the backup. He said the purpose of letting people create simpler passwords is to make encrypted backups more accessible. WhatsApp will only know that there is a key in the HSM, but not the key itself or the related password for unlocking.
This move by WhatsApp came at a time when governments around the world such as India-WhatsApp’s largest market-threatened to break the way encryption works. “We expect to be criticized by some people for this,” Cathcart said. “This is not new to us… I firmly believe that the government should push us to have more security instead of doing the opposite.”
The WhatsApp statement means that the app is a step further than Apple. Apple encrypts iMessages, but still holds the key to the encrypted backup; this means that Apple can assist in recovery, but it can also force it to hand over the keys to law enforcement agencies. Cathcart said that in the past few years, WhatsApp has been working hard to make encrypted backups a reality. Although it was an opt-in at the beginning, he hopes that over time, “this will become the way everyone works.”
