End-to-end encryption in WhatsApp closes a long-standing security gap.

Spread the love

WhatsApp enhances security and closes a previously known cloud backup flaw.

With the addition of end-to-end encryption (E2EE) to WhatsApp, users will be able to secure their backed up communication history stored in the cloud. This functionality closes a previously known security hole that could have exposed user data to undesired third parties while keeping cloud backups.

Over two billion WhatsApp users are set to receive a major security enhancement as the app will now allow users to encrypt cloud-based backups via end-to-end encryption (E2EE).

WhatsApp users have enjoyed knowing that their communications within the app were encrypted, ensuring messages were viewable only by senders and their indicated recipients. This protection ceased, however, any time a messaging session was backed up to a cloud-based backup location such as Apple’s iCloud or Android’s Google Drive. This lack of encryption on the backed-up messages created a security loophole exploitable by parties ranging from law enforcement agencies to unintended malicious third parties.

READ ALSO:  Microsoft Sacks Editors, Gives Jobs to AI

The new E2EE functionality will ensure that these backups are no longer viewable by anyone, including WhatsApp or the hosting provider, that does not possess the required key. Once received, only the intended recipient can decrypt a transmitted message by using the private key, also known as the decryption key.

The newly available encryption functionality is a big step forward in ensuring the confidentiality, integrity, and availability of WhatsApp backup data transmitted and stored in the cloud.

While the new functionality does provide enhanced security for WhatsApp users and their data, it does not provide complete and total anonymity. Metadata information such as dates, times, senders, and receivers are still retrievable from the message. While this may not provide the content of the message to an unintended third party, it can provide some indication of the subject matter and urgency of the message. The encryption also does nothing to combat other security vulnerabilities such as compromised receiver endpoints and unencrypted intermediary servers encountered in transit.

READ ALSO:  Microsoft blocks Windows 10 May 2020 update for PCs with LTE modems

WhatsApp will deploy the new E2EE solution to users over the next several weeks. Once deployed, the backup key vault service will be replicated and distributed across multiple data centers to ensure service availability and support for end users.


Leave a Reply