San Francisco, Jan 31: Private instant messaging app Telegram's founder Pavel Durov has said Amazon founder and CEO Jeff Bezos' data may not have been hacked if he had relied on Telegram instead of Facebook-owned WhatsApp, which is full of malicious "backdoor" bugs. Facebook has blamed Apple's operating system for the hacking of Bezos' phone, saying WhatsApp's end-to-end encryption is unhackable. Investigators believe that Bezos' iPhone was compromised after he received a 4.4MB video file containing malware via WhatsApp - in the same way that the phones of 1,400 select journalists and human rights activists were broken into by Pegasus software from Israel-based NSO Group last year.
"WhatsApp's 'corrupt video' vulnerability was present not only on iOS, but also on Android and even Windows Phone devices. Meaning, on all mobile devices with WhatsApp installed," Durov wrote in a blog post late Thursday. "This security fault was not present in other messaging apps on iOS. Had Jeff Bezos relied on Telegram instead of WhatsApp, he wouldn't have been blackmailed by people who compromised his communications," he added. According to Durov, WhatsApp uses the words "end-to-end encryption" as some magic incantation that alone is supposed to automatically make all communications secure. However, this technology "is not a silver bullet that can guarantee you absolute privacy by itself".
According to Durov, there are backdoors that are camouflaged as "accidental" security flaws and may lead to such instances. "Enforcement agencies are not too happy with encryption, forcing app developers to secretly plant vulnerabilities in their apps. I know that because we've been approached by some of them -- and refused to cooperate. As a result, Telegram is banned in some countries where WhatsApp has no issues with authorities, most suspiciously in Russia and Iran," noted Durov.
In an interview with the BBC last week, Facebook's Vice President of Global Affairs and Communications, Nick Clegg, said it wasn't WhatsApp's fault because end-to-end encryption is unhackable and blamed Apple's operating system for Bezos' episode. "It sounds like something on the... you know, what they call the operate, operated on the phone itself. It can't have been anything, when the message was sent, in transit, because that's end-to-end encrypted on WhatsApp," Clegg told the show host.
According to a report from FTI Consulting, a firm that has investigated Bezos' phone, after the video file was received, Bezos' phone started sending unusually large amounts of outbound data, including his intimate messages with his girlfriend Lauren Sanchez. According to Clegg, "something" must have affected the phone's operating system. "Consequently, the issue was not iOS-specific, but WhatsApp specific," replied Durov.
"Telegram rolled out end-to-end encryption for mass communication years before WhatsApp followed suit, and we've been mindful not only of the strengths, but also the limitations of this technology. Other aspects of a messaging app can render end-to-end encryption useless. Below are three examples of what can go wrong," he added. The fact that Apple was forced by the FBI to abandon encryption plans for iCloud is telling.
"That's one of the reasons why Telegram never relies on third-party cloud backups, and Secret Chats are never backed up anywhere," said the Telegram founder. WhatsApp has 1.5 billion users globally while Telegram has 200-300 million users. "Some could say that, as a founder of a rival app, I may be biased when criticizing WhatsApp. Of course I am. Of course I consider Telegram Secret Chats to be significantly more secure than any competing means of communication – why else would I be developing and using Telegram?"