Main Highlights
- WhatsApp, which is owned by Facebook, has finally implemented a much-needed security feature to preserve the privacy of personal talks on WhatsApp.
- This is a significant advancement in terms of WhatsApp conversation security and privacy.
- Backups will be encrypted with a unique, randomly generated encryption key if E2EE backups are enabled.
- People have the option of manually securing the key or using a user password.
WhatsApp, which is owned by Facebook, has finally implemented a much-needed security feature to preserve the privacy of personal talks on WhatsApp. Will Cathcart, the CEO of WhatsApp, revealed that WhatsApp conversation backups will now be end-to-end encrypted (E2E). This is a significant advancement in terms of WhatsApp conversation security and privacy since previous backups kept in Google Drive or iCloud were unencrypted and open to third-party spying.
WhatsApp is a freeware, cross-platform centralized instant messaging (IM) and voice-over-IP (VoIP) service owned by Facebook, Inc. in the United States. Users may exchange text and voice messages, conduct audio and video conversations, and share photos, documents, user locations, and other material.
WhatsApp’s client application runs on mobile devices but can also be accessed from desktop computers as long as the user’s mobile device is connected to the Internet while using the desktop version. To join up for the program, you must have a cellular phone number.
WhatsApp Business, a standalone company app aimed at small business owners, was introduced in January 2018 to allow enterprises to interact with consumers who use the normal WhatsApp client.
WhatsApp Inc. in Mountain View, California, built the client application, which was bought by Facebook in February 2014 for roughly US$19.3 billion. By 2015, it had surpassed WhatsApp as the most popular messaging app in the world, with over 2 billion users globally as of February 2020. It has surpassed email as the major mode of online communication in a number of regions, including Latin America, the Indian subcontinent, and vast sections of Europe and Africa.
What’s the new security key feature in WhatsApp?
WhatsApp communications were always encrypted end-to-end. This means that communication can only be read by the sender and receiver. The communications that you were automatically backing up on Google Drive or Apple iCloud, on the other hand, were not secured. As a result, any third party might have accessed these backup files and read your correspondence. WhatsApp is altering this, and it is now encrypting conversation backups as well.
WhatsApp stated that in order to allow E2EE backups, the company created a completely new system for encryption key storage that is compatible with both iOS and Android. Backups will be encrypted with a unique, randomly generated encryption key if E2EE backups are enabled.
Users have the option of manually securing the key or using a user password. When a password is chosen, the key is kept in a Backup Key Vault, which is built on a component known as a hardware security module (HSM) – specialized, secure hardware that may be used to securely store encryption keys.
When the account owner requires access to their backup, they may use their encryption key to access it, or they can use their personal password to get their encryption key from the HSM-based Backup Key Vault and decrypt their backup, according to WhatsApp.
WhatsApp says that the HSM-based Backup Key Vault will be in charge of enforcing password verification attempts and making the key permanently unavailable after a certain number of failed attempts. These security features guard against brute-force efforts to recover the key. WhatsApp will only be aware of the presence of a key in the HSM. It will not be aware of the key.
Backups can be encrypted end-to-end with a 64-digit encryption key. Backups can also be password-protected, in which case the encryption key is stored in the HSM-based Backup Key Vault. According to WhatsApp, the HSM-based Backup Key Vault service will be geographically dispersed across different data centers to ensure that it remains operational in the event of a data center failure.
How to get your old WhatsApp chat backups that are secured?
To retrieve your conversation backups, follow these instructions. You must enter your password, which will be encrypted and validated by the Backup Key Vault. Once the password has been validated, the Backup Key Vault will return the encryption key to the WhatsApp client.
The WhatsApp client may then decrypt the backups with the key in hand. If an account owner chooses to utilize the 64-digit key alone, they will have to manually enter the key to decrypt and access their backups. Securing conversation backups using E2E encryption is critical because even if your Google Drive or Apple iCloud is stolen, your WhatsApp chats will stay encrypted and safe.