'WhatsApp will never be safe': Telegram boss attacks Facebook-owned messaging app

'Looking back, there hasn't been a single day in WhatsApp's 10 year journey when this service was secure,' claims Telegram founder Pavel Durov

Anthony Cuthbertson
Thursday 16 May 2019 15:10 BST
Comments
WhatsApp boasts hundreds of millions more users than Telegram but a series of scandals are pushing people towards the rival messaging app
WhatsApp boasts hundreds of millions more users than Telegram but a series of scandals are pushing people towards the rival messaging app (Composite)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A huge security flaw with WhatsApp that compromised the privacy of 1.5 billion users this week will not be the last and may not even be the worst incident of its kind, the founder of rival messaging app Telegram has warned.

Russian entrepreneur Pavel Durov joined mounting criticism against the Facebook-owned app after it was revealed that everything on a WhatsApp user's phone - from private photos and videos, to emails and texts - were accessible to hackers. In a blog post titled 'Why WhatsApp will never be secure', Durov laid out all the reasons he was not surprised by the latest privacy scandal.

"WhatsApp has a consistent history - from zero encryption at its inception to a succession of security issues strangely suitable for surveillance purposes," he wrote. "Looking back, there hasn't been a single day in WhatsApp's 10 year journey when this service was secure."

The app is not open source, meaning security researchers are unable to easily check for vulnerabilities within its underlying software. This could allow governments and hackers to create backdoors into the app that would bypass any security measures that are in place.

WhatsApp introduced end-to-end encryption to "every form of communication" on the app in 2016, aimed at preventing messages from being read by anyone apart from the person sending and the person receiving them. Yet security experts have consistently claimed that relying on end-to-end encryption alone is simply not enough to protect the privacy and security of users of the messaging app.

"The latest hack shows that encryption is not the silver bullet people think it is," Richard Dennis, founder of the blockchain firm Temtum, told The Independent. "This attack did nothing to break or crack the encryption, as it attacks the phone directly, so the hacker can access the data pre-encryption and post-decryption."

Following the latest hack, a spokesperson for WhatsApp told The Independent that the security flaw was only identified earlier this month and a fix to the apps software was issued more than a week later. The company has encouraged users to upgrade to the latest version of the app, though it is no guarantee that a similarly devastating hack will be exploited in the future.

"Every time WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place," Durov said. "All of their security issues are conveniently suitable for surveillance, and look and work a lot like backdoors."

He believes the messaging app will never be secure unless fundamentally changes how it works. "For WhatsApp to become a privacy-orientated service, it has to risk losing entire markets and clashing with authorities in their home country," Durov wrote. "They don't seem to be ready for that."

Before Telegram, Durov founded VK, often referred to as the Facebook of Russia. When he refused to comply with government-sanctioned security breaches of VK users, he was forced to flee his home country.

Telegram has also faced high-profile run-ins with authoritarian regimes and is banned in several countries, including Russia and Iran, for resisting pressure to weaken its security and allow access to people's private messages.

When Facebook took over WhatsApp in 2014, the founders of the messaging app said user privacy would remain a top priority.

"Respect for your privacy is coded into our DNA," Jan Koum wrote at the time. "If partnering with Facebook meant that we had to change our values, we wouldn't have done it."

Five years later, both Koum and fellow WhatsApp founder Brian Acton left Facebook over irreconcilable differences with Facebook over how the app was being run.

"I sold my users' privacy to a larger benefit," Acton said in an interview last year with Forbes. "I made a choice and a compromise. And I live with that every day."

Telegram is not the only alternative messaging app for WhatsApp users. The Edward Snowden-endorsed Signal is among several apps that prioritised users' privacy.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in