In a recent report by the NCC Group, WhatsApp’s identity-linked storage (IPLS) was under the microscope, revealing a nuanced picture of WhatsApp's commitment to cryptographic privacy on its platform. Meta, which owns WhatsApp, commissioned this assessment to ensure secure contact storage for its users, particularly as they transfer data across devices. WhatsApp's IPLS operates with Hardware Security Modules (HSMs) and an Auditable Key Directory (AKD), implementing several cryptographic layers to prevent unauthorized access to contact metadata.
During the review, NCC Group consultants uncovered 13 issues spanning cryptography flaws, data exposure risks, and protocol design concerns. One critical finding noted that HSM-stored keys could remain accessible to the host for cryptographic operations, even when “locked,” raising concerns about potential key extraction vulnerabilities. NCC warned that “a compromised infrastructure could impersonate HSMs,” with the ability to decrypt sensitive metadata.
Another significant vulnerability was the possibility of "nonce reuse" within the encryption of session data. While nonce reuse might seem minor, it could allow attackers to decrypt sessions and reveal sensitive information by exploiting duplicate nonce occurrences. NCC recommended using distinct encryption keys to avoid this scenario.
Meta’s response to the findings was swift. According to the report, WhatsApp took corrective measures that addressed all identified issues before deploying the solution publicly. For example, WhatsApp replaced AES-GCM with a more resilient AES-GCM-SIV, a move aimed at mitigating potential misuse vulnerabilities in the protocol.
Meta’s heavy reliance on Cloudflare for AKD attestation also faced scrutiny. Although NCC's report did not encompass a full audit of this dependency, the analysts recommended close monitoring to prevent possible manipulation or "split-view" attacks that could create rogue namespaces. As a result, Meta committed to making namespace usage visible publicly, a move they believe will deter any covert namespace manipulations.
With increased demand for secure messaging and regulatory attention on data privacy, Meta’s investment in these cryptographic assessments demonstrates a shift toward transparency, but it also reveals the challenges faced in securely managing large-scale data infrastructures.