WhatsApp Will Never be Safe, Says Telegram Founder
In a direct attack on WhatsApp, Telegram founder Pavel Durov has stated that the Facebook-owned WhatsApp would never be safe.
In a statement that he had written on Telegraph Pavel Durov points out that hackers could access anything- photos, emails, texts etc- on any phone that had WhatsApp installed on it. He even discusses the security issue about WhatsApp recently faced- that of a high severity bug that could allow hackers to inject spyware remotely into a phone simply by making a WhatsApp call.
Durov writes, “Every time WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place. All of their security issues are conveniently suitable for surveillance, and look and work a lot like backdoors.”
He points out that unlike Telegram, WhatsApp is not an open source platform and hence it never allows security researchers to easily check if there are backdoors in its code. Instead of publishing its code, WhatsApp deliberately obfuscates their apps’ binaries so that no one is able to study them thoroughly, he adds.
Durov explains that back in 2012, when he was working to develop Telegram, WhatsApp was still transferring messages in plain-text in transit and not just governments or hackers, but mobile providers and even Wi-Fi admins had access to all WhatsApp texts.
WhatsApp later added some encryption, but the key to decrypt messages was available with several governments, who could thus decrypt conversations on WhatsApp very easily. Durov says, “Then, as Telegram started to gain popularity, WhatsApp founders sold their company to Facebook and declared that “Privacy was in their DNA”. If true, it must have been a dormant or a recessive gene.”
Discussing how the end-to-end encryption introduced in 2016 by WhatsApp works, Pavel Durov says, “3 years ago WhatsApp announced they implemented end-to-end encryption so “no third party can access messages“. It coincided with an aggressive push for all of its users to back up their chats in the cloud. When making this push, WhatsApp didn’t tell its users that when backed up, messages are no longer protected by end-to-end encryption and can be accessed by hackers and law enforcement. Brilliant marketing, and some naive people are serving their time in jail as a result.”
Durov also explains that those who don’t go for the backup thing could also be traced in many ways. He says that the metadata generated by WhatsApp users is leaked to different agencies in large volumes by WhatsApp’s mother company. Added to all this, there are critical vulnerabilities coming one after the other.
He writes, “WhatsApp has a consistent history – from zero encryption at its inception to a succession of security issues strangely suitable for surveillance purposes. Looking back, there hasn’t been a single day in WhatsApp’s 10 year journey when this service was secure. That’s why I don’t think that just updating WhatsApp’s mobile app will make it secure for anyone.”
In his statement, Durov explains why people can’t stop using WhatsApp all of a sudden. He says that a lot of people can’t do this because their friends and families still continue to use WhatsApp. He writes, “It means we at Telegram did a bad job of persuading people to switch over. While we did attract hundreds of millions of users in the last five years, this wasn’t enough. The majority of internet users are still held hostage by the Facebook/WhatsApp/Instagram empire. Many of those who use Telegram are also on WhatsApp, meaning their phones are still vulnerable.”
Durov says this about Telegram- “In almost 6 years of its existence, Telegram hasn’t had any major data leak or security flaw of the kind WhatsApp demonstrates every few months. In the same 6 years, we disclosed exactly zero bytes of data to third-parties, while Facebook/WhatsApp has been sharing pretty much everything with everybody who claimed they worked for a government.”
He explains that unlike Facebook, which has a huge marketing department, Telegram does zero marketing and wouldn’t want to pay journalists and researchers to write about it. It instead relies on its users.
Well, that’s the gist of what the Telegram founder has to say. Let’s wait for the other side of the story. Let’s wait and see if WhatsApp comes up with its own statements defending itself, in response to what all Pavel Durov had written.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.