Meta Advances Security of Encrypted Backups with HSM-Based Key Vault and New Verification Methods


The Foundation: HSM-Based Backup Key Vault

Meta’s end-to-end encrypted backups for WhatsApp and Messenger now rest on a robust infrastructure known as the HSM-based Backup Key Vault. This system enables users to safeguard their message history with a recovery code, which is stored securely within tamper-resistant hardware security modules (HSMs). Meta, cloud storage providers, and other third parties cannot access this recovery code. The vault operates as a geographically distributed fleet across multiple data centers, achieving resilience through majority-consensus replication — a design that ensures no single point of failure compromises user data.

[Image: HSM-based Backup Key Vault overview. Source: engineering.fb.com]

Earlier in 2024, Meta simplified the process of enabling end-to-end encrypted backups using passkeys. Now, the company is reinforcing the underlying infrastructure that protects password-based encrypted backups with two key upgrades: over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments.

Over-the-Air Fleet Key Distribution

To authenticate the HSM fleet, client applications verify the fleet’s public keys before establishing a secure session. In WhatsApp, these keys are hardcoded into the app. However, for Messenger — where new HSM fleets must be deployed without requiring a full app update — Meta has developed a mechanism to distribute fleet public keys over the air as part of the HSM response.

The fleet keys are delivered in a validation bundle that is signed by Cloudflare and then counter-signed by Meta. This provides independent cryptographic proof of the bundle’s authenticity. In addition, Cloudflare maintains an audit log of every validation bundle issued, offering an extra layer of transparency. The complete validation protocol is detailed in Meta’s whitepaper, “Security of End-to-End Encrypted Backups.”


More Transparent Fleet Deployment

Transparency in HSM fleet deployment is critical to demonstrating that the system operates as designed — and that Meta cannot access users’ encrypted backups. Going forward, Meta will publish evidence of the secure deployment of each new HSM fleet on this blog page. New fleet deployments are infrequent, typically occurring only every few years, but the company is committed to proving that each deployment adheres to strict security standards.

Users can independently verify the security of any new fleet by following the steps outlined in the Audit section of the whitepaper. This move reinforces Meta’s leadership in the field of secure encrypted backups, giving users greater confidence that their message history remains private.

Read the Whitepaper

For the complete technical specification of the HSM-based Backup Key Vault, including detailed protocols and audit procedures, refer to the full whitepaper: “Security of End-to-End Encrypted Backups.”
