October 23, 2024 at 02:58PM
WhatsApp has launched Identity Proof Linked Storage (IPLS), an encrypted system for secure contact management. IPLS solves contact loss and syncing issues by binding contact lists to accounts, enabling management across devices. Additionally, it allows multiple isolated contact lists on a single device. The system emphasizes end-to-end encryption and security audits.
### Meeting Takeaways on WhatsApp’s Identity Proof Linked Storage (IPLS)
1. **Introduction of IPLS**: WhatsApp has launched Identity Proof Linked Storage (IPLS), an encrypted storage system aimed at enhancing contact management privacy for users.
2. **Key Benefits**:
– **Device Independence**: Contacts are now bound to the user’s account rather than the device, reducing the risk of losing contacts when changing or losing phones.
– **Multi-Account Management**: Users can maintain separate contact lists for different accounts on a single device, with each list securely managed.
3. **Security Features**:
– **Encryption Protocol**: Contacts are encrypted using a symmetric key unique to each user, stored in a tamper-resistant Hardware Security Module (HSM).
– **End-to-End Encryption**: All contact data remains encrypted during transit, minimizing the risk of interception or unauthorized access.
4. **Auditing and Verification**:
– WhatsApp has engaged Cloudflare for third-party auditing of their cryptographic operations to ensure transparency and integrity through an Auditable Key Directory (AKD).
– The AKD updates are published on a publicly accessible Amazon S3 instance for external verification by users and researchers.
5. **Security Audit Findings**:
– Prior to public release, WhatsApp completed a security audit with NCC Group, uncovering a significant flaw related to impersonation of HSMs that could have exposed user key material.
– All identified vulnerabilities, including 12 additional low to medium severity flaws, were addressed by WhatsApp before the final rollout of IPLS in September 2024.
These takeaways reflect WhatsApp’s commitment to improving user privacy and security in contact management through innovative technology.