WhatsApp contains ‘dangerous’ and deliberate backdoors
WhatsApp has had a rocky past year as faith in its privacy and encryption promises continued to falter — especially after the world’s richest man fell victim to an infamous security vulnerability. Now, in a scathing blog post, Telegram Messenger’s founder, Pavel Durov, has added insult to the Facebook-owned instant messaging app’s injury by calling it “dangerous” to use.
Durov has accused WhatsApp of deflecting blame when it should have pledged to improve, and argued that simply encrypting chats end-to-end won’t shield users from breaches. “WhatsApp uses the words ‘end-to-end encryption’ as some magic incantation that alone is supposed to automatically make all communications secure. However, this technology is not a silver bullet that can guarantee you absolute privacy by itself,” Durov said.
More importantly, Durov claims that WhatsApp’s security bugs were in fact, deliberately planted backdoors to comply with and appease local law enforcement agencies so that the social network could do business without interruptions in such countries as Iran and Russia.
Telegram, Durov said, was approached by the same agencies but declined to cooperate. “As a result, Telegram is banned in some countries where WhatsApp has no issues with authorities, most suspiciously in Russia and Iran.”
The 35-year-old founder also talked at length about WhatsApp’s most recent debacle where a critical security vulnerability was reportedly exploited to hack Jeff Bezos’ phone. Facebook pinned the blame on iOS even though it was already known that the issue was present for all of WhatsApp’s mobile clients.
Durov also said that by backing up chats on iCloud instead of utilizing in-house infrastructure, WhatsApp risks user privacy as Apple doesn’t encrypt iCloud data and often hands it over in response to government requests. Last, Durov brought to light the fact that WhatsApp’s source code isn’t publicly available (unlike Telegram’s) which means it’s impossible to know how the company’s encryption works.
“Had Jeff Bezos relied on Telegram instead of WhatsApp, he wouldn’t have been blackmailed by people who compromised his communications.” he added.
While a few of Durov’s arguments appear sound, it’s worth noting his allegations are based on speculation and not concrete evidence. He also failed to address the privacy shortcomings that have plagued his own platform. Telegram doesn’t encrypt chats by default and a recent MIT investigation found glaring flaws in the messaging app’s privacy-focused features, including Secret Chat.
As governments across the world continue to hound companies to install backdoors, messaging apps have an uphill battle ahead of them. Durov’s accusation of WhatsApp planting backdoors comes as a particular shock since the Facebook-owned messaging app has repeatedly denied requests from authorities in countries like India to break its encryption layer to make it easier to track misinformation.