Pavel Durov, the founder of Telegram, discusses the recent hacking of Amazon boss Jeff Bezos’ iPhone in a new blog post, explaining that despite Facebook putting the blame on iOS, WhatsApp is the one that facilitated the attack.

Durov says that despite iOS devices having “loads of privacy-related issues,”, WhatsApp is the culprit here, as the corrupt video vulnerability exposes not only iPhones, but also Android and Windows Phone devices. This means all mobile devices where WhatsApp is installed can be hacked with an exploit aimed at that security flaw, he says.

Furthermore, Durov says the vulnerability doesn’t exist in other apps on iOS, so hacking an iPhone where WhatsApp is installed wasn’t possible.

“Had Jeff Bezos relied on Telegram instead of WhatsApp, he wouldn't have been blackmailed by people who compromised his communications,” he says.

End-to-end encryption

The Telegram founder then moves to the end-to-end encryption that the Facebook-owned WhatsApp keeps praising on every occasion and which the company says didn’t allow for hackers to break into Jeff Bezos’ phone.

“This technology is not a silver bullet that can guarantee you absolute privacy by itself,” he says, adding that the backups that you can create in WhatsApp aren’t encrypted. Telegram, on the other hand, doesn’t use third-party cloud backups, and Secret Chats, where conversations can be deleted automatically at a user-defined time, are never backup up anywhere, he says.

Backdoors are also a huge issue, and Durov says not implementing them in Telegram is one of the reasons his app is banned in some countries.

“Enforcement agencies are not too happy with encryption, forcing app developers to secretly plant vulnerabilities in their apps,” he continues, reminding that security issues in WhatsApp are discovered way too often.

“Backdoors are usually camouflaged as “accidental” security flaws. In the last year alone, 12 such flaws have been found in WhatsApp. Seven of them were critical – like the one that got Jeff Bezos,” Durov continues, adding that the flaws in encryption implementation also expose users.

Jeff Bezos’ iPhone was hacked in 2018 with a malicious message allegedly coming from Saudi Arabia Crown Prince Mohammed bin Salman. The message included an infected video whose purpose was to allow hackers to break into the device using an unpatched vulnerability in WhatsApp.