Meta Enhances Security of Encrypted Backups with Advanced HSM Infrastructure Updates


The Foundation: HSM-Based Backup Key Vault

At the core of Meta's approach to end-to-end encrypted backups for WhatsApp and Messenger lies the HSM-based Backup Key Vault. This system enables users to safeguard their message history with a recovery code, which is stored in tamper-resistant hardware security modules (HSMs). Critically, neither Meta, cloud storage providers, nor any third party can access this recovery code. The vault operates as a geographically distributed fleet across multiple data centers, leveraging majority-consensus replication to ensure resilience.

Source: engineering.fb.com

Recent Enhancements to Encrypted Backup Security

Late last year, Meta streamlined the process of end-to-end encrypting backups using passkeys. Now, the company is bolstering the underlying infrastructure that protects password-based encrypted backups with two key updates: over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments.

Over-the-Air Fleet Key Distribution

To verify the authenticity of the HSM fleet, clients validate the fleet's public keys before establishing a session. In WhatsApp, these keys are hardcoded into the application. However, for Messenger, where new HSM fleets may be deployed without requiring an app update, Meta developed a mechanism to distribute fleet public keys over the air as part of the HSM response. Fleet keys are delivered in a validation bundle signed by Cloudflare and counter-signed by Meta, providing independent cryptographic proof of their authenticity. Cloudflare also maintains an audit log of every validation bundle. The full validation protocol is detailed in Meta's whitepaper, Security of End-To-End Encrypted Backups.
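The acceptance rule described above, as an added example that is not Meta's code or wire format: a client trusts a fleet key only when both an independent signature and a counter-signature verify against keys pinned in the app. The Bundle layout, the choice of Ed25519, and every name below are assumptions made for illustration; the actual protocol is the one specified in the whitepaper.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Bundle is a hypothetical layout for illustration, not Meta's wire format.
type Bundle struct {
	FleetKey   []byte // HSM fleet public key being distributed
	WitnessSig []byte // independent signer's signature over FleetKey
	CounterSig []byte // operator's signature over FleetKey || WitnessSig
}

var ErrWitness = errors.New("independent signature invalid")
var ErrCounter = errors.New("counter-signature invalid")

// VerifyBundle returns the fleet key only if both pinned signers vouch for it.
func VerifyBundle(b Bundle, witnessPub, operatorPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(witnessPub, b.FleetKey, b.WitnessSig) {
		return nil, ErrWitness
	}
	// The counter-signature also covers the first signature, binding the pair.
	msg := append(append([]byte{}, b.FleetKey...), b.WitnessSig...)
	if !ed25519.Verify(operatorPub, msg, b.CounterSig) {
		return nil, ErrCounter
	}
	return b.FleetKey, nil
}

// MakeBundle signs constructed sample data so the example runs offline.
func MakeBundle(fleetKey []byte, witness, operator ed25519.PrivateKey) Bundle {
	ws := ed25519.Sign(witness, fleetKey)
	cs := ed25519.Sign(operator, append(append([]byte{}, fleetKey...), ws...))
	return Bundle{FleetKey: fleetKey, WitnessSig: ws, CounterSig: cs}
}

// Demo checks a genuine bundle and two where one signer is not the pinned one.
func Demo() (genuine, badWitness, badCounter error) {
	wPub, wPriv, _ := ed25519.GenerateKey(nil)
	oPub, oPriv, _ := ed25519.GenerateKey(nil)
	_, rogue, _ := ed25519.GenerateKey(nil)
	fleetPub, _, _ := ed25519.GenerateKey(nil)
	_, genuine = VerifyBundle(MakeBundle(fleetPub, wPriv, oPriv), wPub, oPub)
	_, badWitness = VerifyBundle(MakeBundle(fleetPub, rogue, oPriv), wPub, oPub)
	_, badCounter = VerifyBundle(MakeBundle(fleetPub, wPriv, rogue), wPub, oPub)
	return
}
func main() { fmt.Println(Demo()) }
```

Because both checks must pass, a key held by only one of the two signers is not enough to get a substitute fleet key accepted by the client.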

More Transparent Fleet Deployment

Transparency in deploying the HSM fleet is essential to demonstrating that the system operates as designed and that Meta cannot access users' encrypted backups. Going forward, Meta will publish evidence of the secure deployment of each new HSM fleet on its engineering blog. New fleet deployments are infrequent — typically no more than every few years — and Meta is committed to showing users that each new fleet is deployed securely. Any user can verify this by following the steps outlined in the Audit section of the whitepaper.


Detailed Technical Specifications

For the complete technical specification of the HSM-based Backup Key Vault, readers are encouraged to review the full whitepaper: Security of End-To-End Encrypted Backups.

Key Points to Remember

These updates reinforce Meta's commitment to user privacy and security in messaging platforms, providing a robust foundation for end-to-end encrypted backups.
