The founder of Telegram, which is emerging as a strong rival to WhatsApp in the messenger stakes, has launched a blistering attack on the subsidiary of US-based Facebook, alleging that it exposes them to serious vulnerabilities and asking users to delete the messaging app.

“Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone,” Pavel Valerievich Durov said in his Telegram channel on Wednesday.

His Telegram post has gone viral, triggering an animated debate on social media platforms.

“Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months,” he said.

Durov claimed that he had warned the public in May this year about ‘backdoors’ in WhatsApp. They (the backdoors) are getting discovered now, he said, with one serious security issue following another. “This week a new backdoor was quietly found in WhatsApp. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies,” he cautioned.

“All a hacker had to do was send you a video – and all your data was at the attacker’s mercy,” he warned.

CERT-In confirms breach

Indeed, India’s cyber emergency response team CERT-In raised a flag a few days ago, asking WhatsApp users to upgrade to the latest version of the app. It found a vulnerability that could be exploited by a remote attacker to execute arbitrary code. On infecting the system, the attacker could launch a Denial of Service (DoS) attack, CERT-in warned. Read all about it here

The cyber watchdog found a vulnerability that could be exploited by a remote attacker to execute arbitrary code. On infecting the system, the attacker could launch a Denial of Service (DoS) attack, CERT-in warned.

The hacker could sneak into a WhatsApp account by sending an mp4 (media file). If a user falls for the trap, his/her phone is exposed.

WhatsApp is reportedly working to patch up its vulnerabilities. If you’re using the app, it’s never a bad idea to update it to the latest version.

Interestingly, the latest ‘update’ for WhatsApp in Google Play, the Android app store, makes no mention of patching up vulnerabilities. It talks about a new security feature that allows users to key in and out of the app using their fingerprints.

How did it come to this?

WhatsApp claims that its users are protected by end-to-end encryption. This encryption, it claims, ensures only the user and the recipient read what's sent. However, a recent spyware attack, which saw the accounts of WhatsApp users globally breached, has made many worry about the safety of the app. The spyware gives unauthorised access to private data, including to passwords, messages, and calls.

The scandal has once again highlighted the vulnerability of Indian citizens. India lacks adequate data protection and privacy laws to protect citizens.

How safe is your WhatsApp account? How did the accounts of users globally, including many in India, get hacked? Watch this video to find out: How safe is your WhatsApp account?

What can you do?

With worries over WhatsApp being vulnerable to spyware growing, especially after the attack by Israel’s NSO Group, subscribers have been wondering how to protect their privacy.

The Citizen Lab at the Munk School, based in Toronto, Canada, has prepared an exclusive advisory for victims of the attack by the NSO Group’s Pegasus spyware, with a step-by-step guide on staying safe. Read all about it here: How to keep your phone and WhatsApp safe from spyware attacks


Earlier this month, BusinessLine reported on how the breach allowed snooping into the WhatsApp accounts of civil society activists in India and elsewhere. The scandal triggered an uproar, forcing the Government to issue a notice to the Facebook-owned messaging firm. Read all about it here: Activists demand judicial probe into WhatsApp snooping