As the world left shocked at the news of a bug in WhatsApp’s audio call feature that allowed hackers to install spyware onto Android and iOS phones just by calling the target, its rival Telegram has warned that WhatsApp will continue to be open to surveillance.
Launching a scathing attack on the Facebook-owned messaging app that has over 1.5 billion users, Pavel Durov, the Russian founder of Telegram, said that every time WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place.
“All of their security issues are conveniently suitable for surveillance, and look and work a lot like backdoors,” Durov wrote in a lengthy post late Wednesday.
The spyware on WhatsApp was reportedly developed by the Israeli cyber intelligence company NSO Group. According to experts, the victims of the latest WhatsApp spyware attack may have lost important personal information including location data and email content.
“In almost six years of its existence, Telegram didn’t have any major data leak or security flaw of the kind WhatsApp demonstrates every few months,” said Durov.
Unlike Telegram, WhatsApp is not open source, so there’s no way for a security researcher to easily check whether there are backdoors in its code.
“Not only WhatsApp doesn’t publish its code, they do the exact opposite: WhatsApp deliberately obfuscates their apps’ binaries to make sure no one is able to study them thoroughly,” Durov pointed out.
Telegram has crossed 200 million monthly active users globally.
WhatsApps’ “lack of security allows them to spy on their own people, so WhatsApp continues being freely available in places like Russia or Iran, where Telegram is banned by the authorities,” said Telegram founder who created the platform to offer securely encrypted communications.
Three years ago, WhatsApp announced they implemented end-to-end encryption so “no third party can access messages”.
It coincided with an aggressive push for all of its users to back up their chats in the cloud.
“When making this push, WhatsApp didn’t tell its users that when backed up, messages are no longer protected by end-to-end encryption and can be accessed by hackers and law enforcement. Brilliant marketing, and some naive people serving their time in jail as a result,” Durov said.
WhatsApp has a consistent history – from zero encryption at its inception to a succession of security issues strangely suitable for surveillance purposes.
“Looking back, there hasn’t been a single day in WhatsApp’s 10-year journey when this service was secure. That’s why I don’t think that just updating WhatsApp’s mobile app will make it secure for anyone,” Durov added.
WhatsApp has not yet shared much details on the nature of the spyware attack and its implications, but it said it had provided information to the US law enforcement to help them conduct an investigation.
Last year, the founders of WhatsApp left the company due to concerns over users’ privacy.
“They are definitely tied by either gag orders or NDAs, so are unable to discuss backdoors publicly without risking to lose their fortunes and freedom. They were able to admit, however, that “they sold their users’ privacy,” he added.
“I feel we let humanity down in this whole WhatsApp spyware story. A lot of people can’t stop using WhatsApp, because their friends and family are still on it.
“The majority of Internet users are still held hostage by the Facebook/WhatsApp/Instagram empire. Many of those who use Telegram is also on WhatsApp, meaning their phones are still vulnerable,” Durov mentioned.
More recently, he said, “we are witnessing the attempt by Facebook to borrow Telegram’s entire philosophy, with Zuckerberg suddenly declaring the importance of privacy and speed, practically citing Telegram’s app description word for word in his F8 conference speech”.
“We at Telegram have to acknowledge our responsibility in forming the future. It’s either us or the Facebook monopoly. It’s either freedom and privacy or greed and hypocrisy,” he added, stressing that an era of freedom and privacy will begin soon.