NEW DELHI: On Jan 22, The Guardian reported that Amazon CEO Jeff Bezos’ iPhone was breached and large amount of data stolen from it. The source of the breach was a malicious MP4 file allegedly sent to Bezos on WhatsApp by Crown Saudi prince, Mohammad Bin Salman. A few days later, Facebook’s vice president of global affairs and communications, Nick Clegg pinned the blame on iPhones and not on WhatsApp, citing that the platform protects all communications with end-to-end encryption.

Facebook owns Whatsapp, the world's most popular messaging app.

In an official blog, Paul Durov, chief executive officer of rival messaging platform Telegram, blasted WhatsApp once again for misleading its customers using end-to-end encryption as a smokescreen. “iOS devices have loads of privacy-related issues. But this was not one of them – for two reasons. First, WhatsApp’s corrupt video vulnerability was present not only on iOS, but also on Android and even Windows Phone devices. Meaning, on all mobile devices with WhatsApp installed. Second, this security fault was not present in other messaging apps on iOS," said Durov, to emphasise that the issue was not specific to iOS but to WhatsApp.

Further, Durov called WhatsApp’s end-to-end encryption claims a sham. “In their marketing, WhatsApp uses the words end-to-end encryption as some magic incantation that alone is supposed to automatically make all communications secure," he added.

Durov has a point. The fact that the Pegasus spyware that was used to target 1400 users including activists, journalists, lawyers and politicians across the world in April-May 2019 allowed the unknown attacker to remotely spy on the users in real time without breaching encryption, shows that end-to-end-encryption is effective only to a point. If the device itself is breached, no app with any amount of encryption is really secure.

This is where Durov reiterated that WhatsApp has secretly built backdoors to comply with the law enforcement agencies of the land to avoid backlash or even getting banned. He rues “enforcement agencies are not too happy with encryption, forcing app developers to secretly plant vulnerabilities in their apps. I know that because we’ve been approached."

Telegram was banned in Russia and Iran in 2018. While the former banned them for not sharing encryption keys, the latter argued that the platform was being used to encourage armed uprisings.

While WhatsApp is banned in China and North Korea, it is operational in Russia and Iran. Durov asserts that backdoors are usually camouflaged as accidental security flaws. In the last year alone, 12 such flaws have been found in WhatsApp.

Durov once emphasised the fact that WhatsApp’s source code is hidden and the app’s binaries are obfuscated which makes it hard for third party developers or researchers to analyse and verify if the encryption is actually enforced. To offer this transparency to its users, Telegram has used open source tools and its encryption is fully documented for anyone to verify.

As per reports, after the Jeff Bezos iPhone breach, United Nations has asked its officials to not use WhatsApp on their devices and officials working with Donald Trump have been advised to switch their phones.

WhatsApp didn’t commented on Durov's statement.

My Reads Logout