How you will be able to encrypt your backup end-to-end in future
Messages on WhatsApp have been end-to-end encrypted since 2016. A gap that has remained open until now is about to be closed.
The Facebook subsidiary WhatsApp has been promising users for several years that their chats are protected from prying eyes. To ensure this, the messenger service uses so-called end-to-end encryption for chats.
So far, however, there has been a gap in the backups of the chats: They were saved on Google Drive or in the iCloud – and here it was no longer WhatsApp, but the respective cloud operator who was responsible for their security. The conversations, which were encrypted end-to-end, lost this special protection as soon as they ended up in the backup.
WhatsApp is now promising a new feature that lets users encrypt their backup end-to-end as well. In a blog post, the parent company Facebook has announced that it will gradually roll out the new function for the latest WhatsApp versions on Android and iOS.
However, if you want to make sure that your backup copy is encrypted, you have to turn this on yourself: in the settings, under Chats > Chat backup, the option End-to-end encrypted backups should be available in future.
The backup is then symmetrically encrypted with a random key generated by the client. You can secure this key against unauthorized access with either a self-generated password or a 64-digit code.
If the random key is protected with a password, it ends up in the cloud in a kind of safe based on a hardware security module (HSM). If you now enter the selected password, it is verified by the key in the HSM. The communication required for this, which runs via the WhatsApp service ChatD, should logically also be encrypted. The alternative variant with a 64-digit code is handled locally.
If the password is entered incorrectly several times, for example during an attack, access to the key is blocked after a certain number of attempts. “Neither WhatsApp nor your backup service provider can read your backups or access the key that is required to unlock,” the company promises in its announcement.
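The password variant described above can be sketched as a small model. This is an added example, not WhatsApp's code or protocol: the class and function names, the limit of 10 attempts, the PBKDF2 parameters and the assumption that the block is permanent are all illustrative choices, and the "vault" is an ordinary Python object standing in for the HSM-based safe.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10  # assumed; the article only says "a certain number of attempts"


class VaultLocked(Exception):
    """Raised once the attempt limit has been reached."""


def new_backup_key() -> bytes:
    """Random 256-bit symmetric key, generated on the client."""
    return secrets.token_bytes(32)


class KeyVault:
    """Toy stand-in for the HSM-based safe holding one user's backup key."""

    def __init__(self, password: str, backup_key: bytes):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._derive(password)
        self._key = backup_key
        self._failures = 0
        self._locked = False

    def _derive(self, password: str) -> bytes:
        # Slow, salted KDF: the vault never stores the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   self._salt, 100_000)

    def unlock(self, password: str) -> bytes:
        if self._locked:
            raise VaultLocked("attempt limit reached, key access blocked")
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(self._derive(password), self._verifier):
            self._failures = 0  # a correct entry resets the counter
            return self._key
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            # Assumed permanent: even the right password no longer works.
            self._locked = True
            raise VaultLocked("attempt limit reached, key access blocked")
        raise ValueError(f"wrong password ({self._failures}/{MAX_ATTEMPTS})")
```

The point of keeping the counter inside the vault rather than in the client is that an attacker who copies the encrypted backup from the cloud still has to go through the vault for every password guess.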