Hey, you! Remember Telegram? That app we all used for a day or two when WhatsApp and the most popular social media sites were blocked by the government earlier this year. Well, the founder of Telegram Pavel Durov has cautioned WhatsApp users that the platform will never really be secure.
The warning comes in the wake of a vulnerability that allowed hackers to install spyware on mobile phones through WhatsApp. Durov believes the main problem with WhatsApp’s security flaws lies with the fact that Facebook isn’t comfortable with sharing the source code for WhatsApp:
Unlike Telegram, WhatsApp is not open source, so there’s no way for a security researcher to easily check whether there are backdoors in its code. Not only does WhatsApp not publish its code, they do the exact opposite: WhatsApp deliberately obfuscates their apps’ binaries to make sure no one is able to study them thoroughly.
Pavel Durov
Pavel Durov said the attacks look and work like surveillance backdoors:
Every time WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place. All of their security issues are conveniently suitable for surveillance, and look and work a lot like backdoors.
Now I’m not big on conspiracy theories but there was some noise made last year regarding just how easy it is to hack WhatsApp’s encryption and that wasn’t coming from Pavel. He did touch on it in his blog post:
Later WhatsApp added some encryption, which quickly turned out to be a marketing ploy: The key to decrypt messages was available to at least several governments, including the Russians [9]
At some point, it was actually worse as WhatsApp only enabled encryption in 2012, which means prior to that mobile networks and WiFi admins had access to texts. Durov brought this up and you can’t help but worry regarding the ethics of a messaging service we have all so grown addicted to.
Pavel also explained that WhatsApp may actually be required to do this by the US government which puts users in a compromising position:
WhatsApp and its parent company Facebook may even be required to implement backdoors – via secret processes such as the FBI’s gag orders [3]. It’s not easy to run a secure communication app from the US. A week our team spent in the US in 2016 prompted 3 infiltration attempts by the FBI [4][5]. Imagine what 10 years in that environment can bring upon a US-based company.
Durov justified his concerns stating that in Russia, WhatsApp is freely available but that isn’t the case for Telegram which is much more secure:
Its lack of security allows them to spy on their own people, so WhatsApp continues being freely available in places like Russia or Iran, where Telegram is banned by the authorities
The blog post is very interesting and there are some red flags raised by Pavel Durov. Unfortunately, they will probably be dismissed by most as a jealous rival commenting ignorantly.
Considering that WhatsApp is working on a payments system next, one has to wonder just how secure this will be and whether or not your payment history will not be accesible to hackers and governments. There might also be a chance for Facebook to leverage on this transaction history to entice advertisers…
