WhatsApp is a “Trojan horse” exploited to spy on millions of users naive enough to believe that Facebook owned messaging is different from its parent company, long plagued by privacy scandals, telegram founder said Pavel Durov.
In a long article on his Telegram channel on Wednesday, Durov took on one of his idea’s biggest rivals – WhatsApp, the world’s leading messaging app, which became a subsidiary of Facebook in 2014 and has some 1.5 billion monthly active users.
For those who still use WhatsApp (and other Facebook products for that matter). This is today’s message from @Telegramthe founder of Pavel @Durov.#Security #WhatsApp # cybersecurity #privacy pic.twitter.com/9y9zVBVgBf
– Vitalik Demin (@VitalikGDemin) November 20, 2019
âRegardless of the underlying intentions of WhatsApp’s parent company, the advice for their end users is the same: Unless you agree that all of your photos and messages will someday become public, you should delete WhatsApp from your phone.
The Russian-born entrepreneur has made no effort, citing a long record of Facebook privacy breaches to substantiate his case.
âWhatsApp does not only succeed in protecting your WhatsApp messages – this app is constantly used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook was part of the monitoring programs long before it acquired WhatsApp.
Read more: Whatsapp down: messaging app stops working for users around the world
In his stinging attack on the messenger, Durov also recounted a recent discovery of another system vulnerability in WhatsApp, which allowed hackers to send a specially crafted MP3 file to Android and iOS users and thus obtain access to all their data.
“All a hacker had to do was send you a video – and all of your data was at the attacker’s mercy,” Durov wrote.
While Facebook alerted WhatsApp users to the vulnerability, the social media giant played down the incident, saying it had no evidence that the backdoor was ever actually exploited by hackers.
Since WhatsApp does not store video files on its servers, it instead sends most of its media and messages directly to Google and Apple’s servers.
Durov argued, however, that Facebook’s denials are just smoke and mirrors, because “a security vulnerability of this magnitude has necessarily been exploited – just as WhatsApp’s previous backdoor was used against rights activists. humans and journalists naive enough to be WhatsApp users. . “
Since WhatsApp doesn’t store video files on its servers, but instead sends most of its media and messages directly to Google and Apple’s servers, Facebook has simply washed its hands of the matter, Durov explained. .
Durov dismissed the idea that WhatsApp was just riddled with system errors and couldn’t help but âaccidentallyâ implement âcritical security vulnerabilities in all of their apps every few monthsâ.
– Digital trends (@DigitalTrends) November 21, 2019
âI doubt it – Telegram, an app similar in complexity, has not had any serious issues with WhatsApp in the six years since its launch. It is very unlikely that anyone could accidentally make major security errors suitable for surveillance on a regular basis.
Last month, The New York Times reported that officials in the US, UK and Australia wrote a letter to Facebook CEO Mark Zuckerberg demanding that the company develop “back doors” in its stores. messengers to enable intelligence agencies to access the communications of some 300 million people per day. users, as well as 1.5 billion people who use Facebook daily.
Read more: How to read deleted Whatsapp messages
Previous issues with Whatsap privacy
In May 2019, WhatsApp reports that a small number of accounts were attacked by “an advanced cyber actor”. At the time, Facebook, owner of WhatsApp, told security specialists that the problem was: âA buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] the stack enabled remote code execution via a specially designed series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.
The app suggested that its 1.5 billion users update the app after deploying a patch to help protect devices from cyber attacks. Even though messages in WhatsApp are end-to-end encrypted, meaning they should only appear on the sender’s or recipient’s device, the monitoring software used in the latest hack would have allowed an attacker to read messages from the target.
Concerns about espionage escalated after a sophisticated cyber attack that relied on spyware called Pegasus developed by an Israel-based company called NSO Group and exploited the video calling system on WhatsApp to send malware to mobile devices. https://t.co/yHLlOBfDzv
– The telegraph (@ttindia) November 21, 2019
Whatsapp Web also makes the platform an obvious target for cybercriminals. For years, the app has allowed users to open a website or download a desktop app, scan a code with the app on your phone, and use WhatsApp on your computer.
The app store on a phone, the App Store on iOS, and Google Play on Android are more carefully regulated than the Internet in general. When a user searches for WhatsApp on these stores, it’s usually clear which app is the official app. This is not the case with the Internet at large.
Read more: Facebook’s technology improves to spy on unwanted content
Criminals, hackers and crooks have all taken advantage. There have been cases of attackers passing malware off as WhatsApp desktop apps. If one is unlucky enough to have downloaded any of them, the installation may distribute malware or compromise the computer.