WhatsApp's end-to-end encryption closes a longstanding security loophole

[Jimmy2x]

In brief: WhatsApp's introduction of end-to-end encryption (E2EE) will provide users with the ability to secure their backed up message history stored in the cloud. This capability resolves a previously known security gap that potentially made user data available to unintended third parties when storing cloud backups.

Over two billion WhatsApp users are set to receive a major security enhancement as the app will now allow users to encrypt cloud-based backups via end-to-end encryption (E2EE).

WhatsApp users have enjoyed knowing that their communications within the app were encrypted, ensuring messages were viewable only by senders and their indicated recipients. This protection ceased, however, any time a messaging session was backed up to a cloud-based backup location such as Apple's iCloud or Android's Google Drive. This lack of encryption on the backed-up messages created a security loophole exploitable by parties ranging from law enforcement agencies to unintended malicious third parties.

The new E2EE functionality will ensure that these backups are no longer viewable by anyone, including WhatsApp or the hosting provider, that does not possess the required key. Once received, only the intended recipient can decrypt a transmitted message by using the private key, also known as the decryption key.

The newly available encryption functionality is a big step forward in ensuring the confidentiality, integrity, and availability of WhatsApp backup data transmitted and stored in the cloud.

While the new functionality does provide enhanced security for WhatsApp users and their data, it does not provide complete and total anonymity. Metadata information such as dates, times, senders, and receivers are still retrievable from the message. While this may not provide the content of the message to an unintended third party, it can provide some indication of the subject matter and urgency of the message. The encryption also does nothing to combat other security vulnerabilities such as compromised receiver endpoints and unencrypted intermediary servers encountered in transit.

WhatsApp will deploy the new E2EE solution to users over the next several weeks. Once deployed, the backup key vault service will be replicated and distributed across multiple data centers to ensure service availability and support for end users.

Permalink to story.

https://www.techspot.com/news/91204-whatsapp-end-end-encryption-closes-longstanding-security-loophole.html

 

[ScottSoapbox]

A nice addition. I hope this puts pressure on other companies (almost all of them) that don't encrypt cloud backups.

 

[Puiu]

It was just a "feature".

 

[theruck]

This effectively means that the authorities are not affraid of decrypting anything anymore.
I would really doubt that any photos or attachment are stored encrypted and even if they are, you as a user not knowing the encryption secret is creating a weird and false feeling of security

 

[Uncle Al]

This effectively means that the authorities are not affraid of decrypting anything anymore.
I would really doubt that any photos or attachment are stored encrypted and even if they are, you as a user not knowing the encryption secret is creating a weird and false feeling of security

In the South we call that ¨hitting the nail on the head¨ .......

 

[Vanderlinde]

This effectively means that the authorities are not affraid of decrypting anything anymore.
I would really doubt that any photos or attachment are stored encrypted and even if they are, you as a user not knowing the encryption secret is creating a weird and false feeling of security

This encryption usually yields security up to the front of your door. It is for people who managed to obtain your cloud password or something simular, and making it more difficult to obtain any personal details.

Goverment on the other hand can and will get it, wether it will be by a warrant presented towards facebook, apple or they do have the computational power by now to either crack it or have a backdoor. You dont tell me the large funded super computers are just there for weather calculations or so. Great part of that is spend into cracking any digital encryption on the net pretty much.

I mean, I was astonished when I readed about that 90's "GSM" encryption intentionally being degraded from 64 to 40 bits, otherwise a country like France woud'nt accept GSM in it's country being used. Basicly you had a entity which was able to decrypt and tap onto lots of people in quite some years.

With this in mind I cant trust the goverment; if terrorism is such a thing then start with borders. If child stuff is at stake then raise punishments and increase budgets of teams who actively seek and shut these people down. It's an always commonly used argument where our privacy is being taken.

9/11 was yesterday, and it did change the world in a way where every form of digital communication over the phone no longer is "safe".

 

[ron baer]

This effectively means that the authorities are not affraid of decrypting anything anymore.
I would really doubt that any photos or attachment are stored encrypted and even if they are, you as a user not knowing the encryption secret is creating a weird and false feeling of security

did you not read the Snowden whistleblower information about how they collect all information then put in cold storage so they are able to break it on their time so unless you have a strict weekly change of all passwords and obscure your IP differently almost as often then they have already your private stuff. the movie SNEAKERS was far ahead of its time