WhatsApp Fixes Its Biggest Encryption Loophole

If you opt to use the new feature, WhatsApp will encrypt your messages, images, videos, and so on with a random key that’s generated on your device. You can either secure that key with a password, or manually with a 64-digit encryption key. The password is almost certainly easier to remember, and if you go that route WhatsApp will store your key in a Backup Key Vault that lives in a so-called hardware security module (HSM)—a sort of digital safety deposit box that keeps your key secret from WhatsApp, Apple, Google, and anyone else. Your password is what unlocks it and gives you access to your chat backups. The 64-digit encryption key may be harder to keep track of, but if you choose to manage it yourself it doesn’t go to the HSM Backup Key Vault, which removes a potential—if unlikely—point of failure.

WhatsApp has built in a few additional protections, as well. Too many wrong password attempts, and the key will become “permanently inaccessible,” a measure designed to prevent so-called brute force attacks. And the service replicates your key in HSM-based Backup Key Vaults across five geographically disparate data centers, to ensure you can still access your chats even if one of them has an outage.

“Redundancy is important,” says WhatsApp software engineering manager Slavik Krassovsky. “If a data center, or even a machine or network switch in a data center, theoretically went down, we don’t want that to impact someone’s ability to get their end-to-end encrypted backup and decrypt their chat history.”
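To make the attempt limit concrete, the following added example (not WhatsApp's code and not part of the original article) models a vault that releases a device-generated key only for the right password and destroys it after too many wrong guesses. The limit of 10, the PBKDF2 password verifier, the counter reset on success, and the rendering of a 32-byte key as 64 hex digits are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10  # assumed limit; the article gives no number


def new_backup_key() -> bytes:
    """Random key generated on the device (32 bytes = 64 hex digits, assumed)."""
    return secrets.token_bytes(32)


class BackupKeyVault:
    """Toy model of one user's vault entry; a real HSM enforces this in hardware."""

    def __init__(self, password: str, backup_key: bytes):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._derive(password)
        self._key = backup_key
        self._failures = 0

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def retrieve(self, password: str):
        """Return the key for the right password, None for a wrong one."""
        if self._key is None:
            raise PermissionError("backup key is permanently inaccessible")
        if hmac.compare_digest(self._derive(password), self._verifier):
            self._failures = 0  # assumed: a success resets the counter
            return self._key
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._key = None  # destroy the key: no later guess can succeed
        return None


def guesses_before_lockout(vault: BackupKeyVault, guesses) -> int:
    """Feed guesses until one works or the vault locks; return how many were evaluated."""
    tried = 0
    for guess in guesses:
        try:
            found = vault.retrieve(guess)
        except PermissionError:
            break  # vault refused to evaluate this guess
        tried += 1
        if found is not None:
            break
    return tried
```

Because the vault, not the password, bounds the number of guesses, even a short password gets only `MAX_ATTEMPTS` tries; the self-managed 64-digit key needs no such limit because its search space is already too large to guess.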

And while generally it’s preferable to enable privacy and security features by default, in this case opt-in makes sense. “It’s easy to accidentally lock yourself out of an account by forgetting a password, and if that means losing all the conversations you’d had on WhatsApp, you might not want to take that chance,” says Pfefferkorn. “For a lot of people, not losing their backups is a more pressing concern than adding an extra layer of security.”

For those who do need that level of security, though, WhatsApp’s end-to-end encrypted backups are a welcome development, one that other messaging services will hopefully embrace as well. “We may see more companies decide to build in an extra layer of security for their own users instead of depending on their cloud provider,” says Pfefferkorn. “Of course, not everyone has the resources WhatsApp does, but with two billion users, WhatsApp also has a lot more people depending on it than most services do.”

Even with end-to-end encrypted backups, you still may have valid concerns over the amount of data WhatsApp shares with Facebook, or the metadata it collects. And secure messaging service Signal doesn’t use cloud backups at all, obviating the issue entirely. But the step WhatsApp is taking today balances usability, scale, and protection in a way that no other encrypted messaging service currently does.



Author: showrunner