WhatsApp fixes its biggest encryption loophole
Few, if any, services have done more to bring secure messaging to more people than WhatsApp. Since 2016, the messaging platform has enabled end-to-end encryption—by default, no less—for its billions of users. No complaints there. But if you back up your WhatsApp messages to iCloud or Google Cloud, those chats no longer have that level of protection.
To be abundantly clear, this does not mean that WhatsApp’s encryption is somehow faulty, or that anyone is spying on your messages. (Unless they have a subpoena.) It’s a loophole, a function of WhatsApp relying on other people’s clouds to stash your stuff. Now, thanks to some clever cryptography, the Facebook-owned company has cooked up a way close it.
Over the next few weeks, WhatsApp will roll out an update that adds end-to-end encryption to backups, should you so choose. Facebook CEO Mark Zuckerberg announced the feature in a Facebook post. It’s a complex solution to a longstanding issue, and one that sets a precedent for companies that don’t want to rely quite so extensively on the security of the world’s handful of dominant cloud providers.
“We’ve been working on this problem for many years and to build this, we had to develop an entirely new framework for key storage and cloud storage that can be used across the world’s largest operating systems,” says WhatsApp product manager Calvin Pappas.
To better understand that solution, it helps to clarify the problem. WhatsApp encrypts messages between senders and recipients; the service can’t see them at any point on that journey, nor after they arrive. (An exception here is that if you report a message as abusive, WhatsApp contractors may review it. This doesn’t break or even undermine its end-to-end encryption; once someone receives a message they can show it to whomever they want. Encryption isn’t magic!) So far, so good. The potential trouble starts if you back up your messages to iCloud or Google Cloud, which are not end-to-end encrypted, which in turn means that Apple or Google could hand them over to law enforcement if it comes knocking.
“So many companies' services run on a different company's cloud, and the security of that cloud isn't under their control,” says Riana Pfefferkorn, research scholar at the Stanford Internet Observatory. It’s not, she says, that Apple or Google or any other cloud provider is necessarily unsafe. But the saying “the cloud is just someone else’s computer,” and the liabilities it portends, apply whether you’re an individual uploading a few photos from your phone or a company with billions of privacy-minded users.
WhatsApp isn’t ditching Google Cloud or iCloud. But it’s going to let you encrypt your backups before they head to those clouds in the first place. Think of it like handing a secret message to a courier. If you write it out in plain English and they get apprehended, you’re toast. But if you write it in a code that they themselves don’t know how to decipher, all you’ve given up is a bunch of squiggles and dots.
If you opt to use the new feature, WhatsApp will encrypt your messages, images, videos, and so on with a random key that’s generated on your device. You can either secure that key with a password, or manually with a 64-digit encryption key. The password is almost certainly easier to remember, and if you go that route WhatsApp will store your key in a Backup Key Vault that lives in a so-called hardware secure module—a sort of digital safety deposit box that keeps your key secret from WhatsApp, Apple, Google, and anyone else. Your password is what unlocks it and gives you access to your chat backups. The 64-digit encryption key may be harder to keep track of, but if you choose to manage it yourself it doesn’t go to the HSM Backup Key Vault, which removes a potential—if unlikely—point of failure.
WhatsApp has built in a few additional protections, as well. Too many wrong password attempts, and the key will become “permanently inaccessible,” a measure designed to prevent so-called brute force attacks. And the service replicates your key in HSM-based Backup Key Vaults across five geographically disparate data centers, to ensure you can still access your chats even if one of them has an outage.
“Redundancy is important,” says WhatsApp software engineering manager Slavik Krassovsky. “If a data center, or even a machine or network switch in a data center, theoretically went down, we don’t want that to impact someone’s ability to get their end-to-end encrypted backup and decrypt their chat history.”
And while generally it’s preferable to enable privacy and security features by default, in this case opt-in makes sense. “It's easy to accidentally lock yourself out of an account by forgetting a password, and if that means losing all the conversations you'd had on WhatsApp, you might not want to take that chance,” says Pfefferkorn. “For a lot of people, not losing their backups is a more pressing concern than adding an extra layer of security.”
For those who do need that level of security, though, WhatsApp’s end-to-end encrypted backups are a welcome development, one that other messaging services will hopefully embrace as well. “We may see more companies decide to build in an extra layer of security for their own users instead of depending on their cloud provider,” says Pfefferkorn. “Of course, not everyone has the resources WhatsApp does, but with two billion users, WhatsApp also has a lot more people depending on it than most services do.”
Even with end-to-end encrypted backups, you still may have valid concerns over the amount of data WhatsApp shares with Facebook, or the metadata it collects. And secure messaging service Signal doesn’t use cloud backups at all, obviating the issue entirely. But the step WhatsApp is taking today balances usability, scale, and protection in a way that no other encrypted messaging service currently does.–wired.com