WhatsApp’s end-to-end encryption closes a longstanding security loophole

Coming soon: WhatsApp’s introduction of end-to-end encryption (E2EE) for backups will give users the ability to protect their backed-up message history stored in the cloud. This closes a previously known security gap that potentially made user data available to unwanted third parties when backups were stored in the cloud.

More than two billion WhatsApp users are scheduled to receive a major security upgrade, as the app will now allow users to encrypt cloud-based backups via end-to-end encryption (E2EE).

WhatsApp users have enjoyed knowing that their in-app communications were encrypted, ensuring messages are only visible to the intended senders and recipients. However, this protection ceased every time a messaging session was backed up to a cloud-based backup location, such as Apple’s iCloud or Android’s Google Drive. This lack of encryption in backed-up messages created a security loophole exploitable by parties ranging from law enforcement agencies to malicious third parties.

The new E2EE functionality will ensure that these backups are no longer visible to anyone who does not have the required key, including WhatsApp and the hosting provider. Once a transmitted message is received, only the intended recipient can decrypt it using the private key, also known as the decryption key.

The newly available encryption functionality is a major step forward in ensuring the confidentiality, integrity and availability of WhatsApp backup data transmitted and stored in the cloud.

While the new functionality provides improved security for WhatsApp users and their data, it does not provide complete anonymity. Metadata, such as dates, times, senders, and receivers, can still be retrieved from the message. While this may not reveal the content of the message to an unwanted third party, it may give some indication of the subject and urgency of the message. Encryption also does nothing to combat other security vulnerabilities, such as compromised receiver endpoints and unencrypted proxy servers in transit.

WhatsApp will roll out the new E2EE solution for users in the coming weeks. Once implemented, the backup key vault service will be replicated and distributed across multiple data centers to ensure service availability and support for end users.
