WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats.
WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional layer of security to protect backups stored on Google Drive or iCloud cloud storage.
Currently, WhatsApp allows users to backup their chats on cloud storage services, but these backups are not end-to-end encrypted. An attacker carrying out a SIM swapping attack could theoretically access the conversations in the backups.
If the attacker installs the popular messaging app on a new device, the app will restore the chat backup available on the storage.
The implementation of the new feature will allow to secure this process by introducing end-to-end encryption of user chat backups. Users will be able to choose a 64-digit password to protect the backup that will allow them to restore backups in future installations.
“You can now secure your end-to-end encrypted backup with either a password of your choice or a 64-digit encryption key that only you know. Neither WhatsApp nor your backup service provider will be able to read your backups or access the key required to unlock it. ” reads the announcement published by WhatsApp.
The feature will be initially available only to the users with the latest version of WhatsApp.
Users for which the feature will be available can enable it following this procedure:
- Open WhatsApp.
- Open Settings.
- Tap Chats > Chat Backup > End-to-end Encrypted Backup.
- Tap Continue, then follow the prompts and enter a password or key when asked.
- Tap Done, and wait for WhatsApp to prepare your end-to-end encrypted backup. While creating an encrypted backup, the app may prompt you to connect your device to power.
(SecurityAffairs – hacking, end-to-end encrypted chat backups)