Pavel Durov : WhatsApp non riesce a proteggere i messaggi degli utenti

Pavel Durov, CEO e fondatore di Telegram ha nuovamente avvertito gli utenti di WhatsApp dei problemi di sicurezza della app di messaggistica rivale. In un post di Telegram, Durov parla della sua previsione a maggio che le backdoor di WhatsApp continueranno a essere scoperte e riprende le notizie della più recente vulnerabilità di WhatsApp che ha permesso agli hacker di accedere a tutti i dati sul telefono di un target inviando un video.

Secondo Durov “WhatsApp non riesce a proteggere i messaggi degli utenti, ma viene costantemente utilizzata come cavallo di Troia per spiare foto e messaggi non WhatsApp”. Per Durov Facebook sta cercando di confondere il pubblico dicendo che non ci sono prove che la backdoor sia stata sfruttata dagli hacker e sottolinea che la maggior parte dei messaggi degli utenti di WhatsApp vengono inviati non crittografati ai server Apple e Google aggiungendo che “è molto improbabile” che questi importanti e coerenti errori di sicurezza di WhatsApp che consentono la sorveglianza siano accidentali” ammonendo: ” per evitare che le tue foto e i messaggi divengano pubblici un giorno, conviene eliminare WhatsApp dal tuo telefono “.

Il post di Pavel Durov

In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1] (https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15). This week a new backdoor was quietly found in WhatsApp [2] (https://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-update-latest-spying-security-spyware-india-cert-nso-a9210236.html). Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3] (https://in.mashable.com/tech/8573/whatsapp-android-and-ios-users-are-now-at-risk-from-malicious-video-files).

WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4] (https://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet)[5] (https://www.usatoday.com/story/news/2013/06/06/nsa-surveillance-internet-companies/2398345/). It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6] (https://mashable.com/article/brian-acton-whatsapp-interview/).

Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7] (https://www.techspot.com/news/82843-hackers-can-use-whatsapp-flaw-way-handles-video.html). Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8] (https://www.theinquirer.net/inquirer/news/3061660/whatsapp-is-storing-unencrypted-backup-data-on-google-drive)). So – nothing to analyze – “no evidence”. Convenient.

But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9] (https://www.ft.com/content/67a5b442-f971-11e9-a354-36acbbb0d9b6)[10] (https://www.reuters.com/article/us-facebook-cyber-whatsapp-nsogroup-excl/exclusive-government-officials-around-the-globe-targeted-for-hacking-through-whatsapp-sources-idUSKBN1XA27H). It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11] (https://www.thetimes.co.uk/edition/news/police-can-access-suspects-facebook-and-whatsapp-messages-in-deal-with-us-q7lrfmchz)[12] (https://www.bloomberg.com/news/articles/2019-09-28/facebook-whatsapp-will-have-to-share-messages-with-u-k-police).

Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.

Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.

Vuoi saperne di più su Massa Critica ? Ecco la nostra presentazione.
Ti  è piaciuto Massa Critica ? Bene! Iscriviti alla nostra newsletter. e al nostro canale Telegram.
Se ti piace il nostro lavoro vai alla nostra pagina su Facebook e clicca su "Like".
Se preferisci puoi anche seguirci via Twitter e via Youtube.