WhatsApp made available end-to-end encrypted chat backups

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats.

WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional layer of security to protect backups stored on Google Drive or iCloud cloud storage.

Currently, WhatsApp allows users to backup their chats on cloud storage services, but these backups are not end-to-end encrypted. An attacker carrying out a SIM swapping attack could theoretically access the conversations in the backups.

If the attacker installs the popular messaging app on a new device, the app will restore the chat backup available on the storage.

The implementation of the new feature will allow to secure this process by introducing end-to-end encryption of user chat backups. Users will be able to choose a 64-digit password to protect the backup that will allow them to restore backups in future installations.

“You can now secure your end-to-end encrypted backup with either a password of your choice or a 64-digit encryption key that only you know. Neither WhatsApp nor your backup service provider will be able to read your backups or access the key required to unlock it. ” reads the announcement published by WhatsApp.

The feature will be initially available only to the users with the latest version of WhatsApp.

Users for which the feature will be available can enable it following this procedure:

Open WhatsApp.
Open Settings.
Tap Chats > Chat Backup > End-to-end Encrypted Backup.
Tap Continue, then follow the prompts and enter a password or key when asked.
Tap Done, and wait for WhatsApp to prepare your end-to-end encrypted backup. While creating an encrypted backup, the app may prompt you to connect your device to power.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, end-to-end encrypted chat backups)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.