The HSM-based Backup Key Vault

Meta’s HSM-based Backup Key Vault provides the foundation for end-to-end encrypted backups for WhatsApp and Messenger. The system allows people to protect their backed-up message history with a recovery code, ensuring that the recovery code is stored in tamper-resistant hardware security modules (HSMs) and is inaccessible to Meta, cloud storage providers, or any third party. The vault is deployed as a geographically distributed fleet across multiple datacenters, providing resilience through majority-consensus replication.

Late last year, we made it easier to end-to-end encrypt your backups using passkeys, and now we continue to strengthen the underlying infrastructure that protects password-based end-to-end encrypted backups with two updates: over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments.

Over-the-Air Fleet Key Distribution

To verify the authenticity of the HSM fleet, clients validate the fleet’s public keys before establishing a session. In WhatsApp, these keys are hardcoded into the application. To support Messenger — where new HSM fleets need to be deployed without requiring an app update — we built a mechanism to distribute fleet public keys over the air as part of the HSM response. Fleet keys are delivered in a validation bundle that is signed by Cloudflare and counter-signed by Meta, providing independent cryptographic proof of their authenticity. Cloudflare also maintains an audit log of every validation bundle. The full validation protocol is described in our whitepaper, “Security of End-To-End Encrypted Backups.”
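An added example, not Meta's code and not the whitepaper's wire format: a Go illustration of the client-side check described above, in which fleet keys are accepted only when both the signature and the counter-signature verify against keys pinned in the client. The bundle layout, the use of Ed25519, and the choice that the counter-signature covers the fleet keys plus the first signature are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Bundle is a hypothetical layout; the real format is defined in the whitepaper.
type Bundle struct {
	FleetKeys  []byte // serialized fleet public keys (opaque here)
	FirstSig   []byte // independent signer (Cloudflare's role) over FleetKeys
	CounterSig []byte // operator (Meta's role) over FleetKeys || FirstSig
}

var ErrBundle = errors.New("validation bundle rejected")

// VerifyBundle returns the fleet keys only if both signatures verify.
// Both public keys are assumed to be pinned in the client.
func VerifyBundle(b Bundle, signerPub, operatorPub ed25519.PublicKey) ([]byte, error) {
	if len(b.FleetKeys) == 0 || !ed25519.Verify(signerPub, b.FleetKeys, b.FirstSig) {
		return nil, ErrBundle
	}
	signed := append(append([]byte{}, b.FleetKeys...), b.FirstSig...)
	if !ed25519.Verify(operatorPub, signed, b.CounterSig) {
		return nil, ErrBundle
	}
	return b.FleetKeys, nil
}

// MakeBundle builds a constructed sample bundle for the demo and tests.
func MakeBundle(keys []byte, signerPriv, operatorPriv ed25519.PrivateKey) Bundle {
	first := ed25519.Sign(signerPriv, keys)
	counter := ed25519.Sign(operatorPriv, append(append([]byte{}, keys...), first...))
	return Bundle{FleetKeys: keys, FirstSig: first, CounterSig: counter}
}

func main() {
	sPub, sPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	oPub, oPriv, _ := ed25519.GenerateKey(nil)
	b := MakeBundle([]byte("constructed-fleet-public-keys"), sPriv, oPriv)
	_, err := VerifyBundle(b, sPub, oPub)
	fmt.Println("genuine bundle accepted:", err == nil)
	b.FleetKeys[0] ^= 1 // simulate keys altered in transit
	_, err = VerifyBundle(b, sPub, oPub)
	fmt.Println("altered bundle rejected:", err != nil)
}
```

Because the counter-signature covers the first signature as well as the keys, a bundle carrying one valid signature and one from an unexpected key fails as a whole.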

More Transparent Fleet Deployment

Transparency in the deployment of our HSM fleet is essential to demonstrating that the system operates as designed and that Meta cannot access users’ encrypted backups. We will now publish evidence of the secure deployment of each new HSM fleet on this blog page, further cementing our leadership in the space of secure encrypted backups. New fleet deployments are infrequent — typically no more than every few years — and we are committed to demonstrating to our users that each new fleet is deployed securely, which any user can verify by following the steps in the Audit section of our whitepaper.

Read the Whitepaper

For the complete technical specification of the HSM-based Backup Key Vault, read the full whitepaper, “Security of End-To-End Encrypted Backups.”
