WhatsApp Introduces Encrypted Contact Databases

WhatsApp has unveiled a new privacy-focused encrypted storage system, Identity Proof Linked Storage (IPLS), aimed at enhancing contact management security.

This innovative system addresses two major issues that WhatsApp users have faced for years. Losing your phone shouldn’t mean losing your contacts! WhatsApp’s new feature eliminates the risk of losing your contact list and finally makes syncing across multiple devices seamless and hassle-free.

With IPLS, contacts are now linked to the user’s account rather than the device, allowing seamless management when switching or replacing devices. Additionally, users can now maintain separate contact lists for multiple accounts on the same device, with each list securely stored and isolated.

Enhanced Security Through Encryption

IPLS builds its encrypted storage on a combination of encryption, key transparency, and Hardware Security Modules (HSMs).

When a contact is added, its details are encrypted with a symmetric encryption key that is generated on the user’s device and stored in WhatsApp’s tamper-resistant HSM-based Key Vault.

When users log in from a new device, they initiate a secure session with the Key Vault and retrieve their contacts by authenticating with the cryptographic keypair linked to their account, which is created during registration.
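
A simplified model of the flow described above, as an added example that is not WhatsApp's code or the actual IPLS protocol. AES-256-GCM, Ed25519 challenge signing, the `KeyVault` class and every function name are assumptions chosen for illustration, and the in-memory vault stands in for the HSM-backed service.

```javascript
// Simplified model for illustration; cipher, signature scheme and all names are assumptions.
const crypto = require('node:crypto');
// In-memory stand-in for the HSM-based Key Vault: releases a key only on proof of the account key.
class KeyVault {
  constructor() { this.accounts = new Map(); this.pending = new Map(); }
  register(accountId, publicKey, contactKey) { this.accounts.set(accountId, { publicKey, contactKey }); }
  challenge(accountId) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(accountId, nonce);
    return nonce;
  }
  retrieve(accountId, signature) {
    const acct = this.accounts.get(accountId);
    const nonce = this.pending.get(accountId);
    this.pending.delete(accountId); // each challenge is single-use
    if (!acct || !nonce) throw new Error('unknown account or no challenge');
    const ok = crypto.verify(null, nonce, acct.publicKey, signature); // Ed25519
    if (!ok) throw new Error('authentication failed');
    return acct.contactKey;
  }
}

// Runs on the device: the service only ever sees iv, ct and tag.
function encryptContact(key, contact) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(contact), 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function decryptContact(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag); // final() throws if the ciphertext or tag was modified
  return JSON.parse(Buffer.concat([d.update(ct), d.final()]).toString('utf8'));
}

// New device: sign the vault's challenge with the account key, fetch the contact key, decrypt.
function restoreOnNewDevice(vault, accountId, privateKey, blob) {
  const signature = crypto.sign(null, vault.challenge(accountId), privateKey);
  return decryptContact(vault.retrieve(accountId, signature), blob);
}

// Constructed sample data (not real account material).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const contactKey = crypto.randomBytes(32);
const vault = new KeyVault();
vault.register('acct-1', publicKey, contactKey);
const blob = encryptContact(contactKey, { name: 'Alice Example', phone: '+15550100' });
console.log(restoreOnNewDevice(vault, 'acct-1', privateKey, blob));
```

In this model a caller holding a different keypair is refused the contact key, and a modified ciphertext fails authentication at decryption instead of yielding altered contact data.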

End-to-End Encryption for Contacts

All contact information remains encrypted end-to-end, meaning the data is encrypted on the user’s device and stays encrypted throughout its journey across WhatsApp’s infrastructure, protecting it from interception or unauthorized access by Meta employees.

WhatsApp has also partnered with Cloudflare for independent audits of its cryptographic operations. Cloudflare acts as a third-party auditor for the Auditable Key Directory (AKD), signing each update and ensuring its integrity.

WhatsApp publishes auditable consistency proofs for AKD updates on an Amazon S3 instance, enabling users, researchers, and auditors to independently verify the system’s security.

Security Audits and Improvements

Before the public release of IPLS, WhatsApp enlisted NCC Group to conduct a security audit. The audit uncovered a critical vulnerability that could have allowed impersonation of Marvell HSMs, potentially exposing users’ private contact metadata.
