Wednesday, June 19, 2024

“WhatsApp Will Never Be Secure” – Telegram Founder Attack Facebook Owned WhatsApp

“WhatsApp Will Never be Safe” !! Telegram Founder Pavel Durov Attack Facebook Owned WhatsApp after the recent incident, in which, WhatsApp fixed a high severity bug that allows hackers to inject spyware remotely by making a single WhatsApp call and steal entire phone data.

Durov is always focusing on users privacy, Telegram was created by people who had to leave Russia because of restrictions on freedom and privacy. Telegram is based in Dubai at the moment – and is blocked and forbidden in Russia.

In this case, Telegram said, those demands would be impossible to implement since the keys were stored on users’ devices.

Unlike Telegram, WhatsApp is not an open source platform and it never allows security researchers to check whether the App contain any malicious code or stealing any data from users.

WhatsApp built with extremely obfuscated functionality in their app binaries to make sure no one able to read the code and study their infrastructure clearly.

Durov pointed similar incidents (1, 2, 3) and said “Every time WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place. All of their security issues are conveniently suitable for surveillance, and look and work a lot like backdoors.”

Back to 2012, when he was working for Telegram development, WhatsApp was transferring messages in plain-text in transit (1, 2) which allows not only for government but mobile providers and wifi admins had access to all WhatsApp texts.

After these incidents, WhatsApp added the encryption feature but the decryption key was given to the several governments who can able to decrypt any users WhatsApp Conversation in the country.

In 2016, WhatsApp announced they implemented end-to-end encryption so “no third party can access messages“. It coincided with an aggressive push for all of its users to back up their chats in the cloud.

Also, he Quoted that, “When making this push, WhatsApp didn’t tell its users that when backed up, messages are no longer protected by end-to-end encryption and can be accessed by hackers and law enforcement. Brilliant marketing, and some naive people serving their time in jail as a result”

” WhatsApp has a consistent history – from zero encryption at its inception to a succession of security issues strangely suitable for surveillance purposes. Looking back, there hasn’t been a single day in WhatsApp’s 10-year journey when this service was secure. That’s why I don’t think that just updating WhatsApp’s mobile app will make it secure for anyone.”

He Wrote a brief Statement in Telegraph “A lot of people can’t stop using WhatsApp, because their friends and family are still on it. It means we at Telegram did a bad job of persuading people to switch over. While we did attract hundreds of millions of users in the last five years, this wasn’t enough. The majority of internet users are still held hostage by the Facebook/WhatsApp/Instagram empire. Many of those who use Telegram are also on WhatsApp, meaning their phones are still vulnerable.”

Also he pointed out about the Telegram ” In almost 6 years of its existence, Telegram didn’t have any major data leak or security flaw of the kind WhatsApp demonstrates every few months. In the same 6 years, we disclosed exactly zero bytes of data to third-parties, while Facebook/WhatsApp has been sharing pretty much everything with everybody who claimed they worked for a government “

He also requested that “If you like Telegram enough, you will tell your friends about it. The Facebook marketing department is huge. We at Telegram, however, do zero marketing. We don’t want to pay journalists and researchers to tell the world about Telegram. For that, we rely on you – the millions of our users. “.


Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles