Telegram founder and CEO Pavel Durov called the WhatsApp messaging service a "surveillance tool" on Thursday, claiming that the security issues periodically found on the app are actually intentionally planted.
"Hackers could have full access (!) to everything on the phones of WhatsApp users," began Durov's Telegram message. "This was possible through a security issue disclosed by WhatsApp itself last week. All a hacker had to do to control your phone was send you a malicious video or start a video call with you on WhatsApp."
Last month, WhatsApp notified that it had patched a vulnerability that could have allowed remote code execution through video files or video calls.
The Telegram founder warned that updating to the latest version of WhatsApp would "not really" keep you safe, as there have been a slew of similar vulnerabilities found in recent years.
"Every year, we learn about some issue in WhatsApp that puts everything on their users' devices at risk. Which means it's almost certain that a new security flaw already exists there," said Durov. "Such issues are hardly incidental – they are planted backdoors. If one backdoor is discovered and has to be removed, another one is added."
The Telegram CEO claimed that anyone who has WhatsApp on their phone is making all their data on that device accessible, adding that he deleted WhatsApp from his devices "years ago."
Durov stressed that he was not attempting to get people to switch to Telegram, saying "Telegram doesn't need additional promotion. You can use any messaging app you like, but do stay away from WhatsApp – it has now been a surveillance tool for 13 years."
Durov has warned against using WhatsApp in the past
This isn't the first time Durov has published statements against WhatsApp.
In May 2019, Durov published an article titled "Why WhatsApp will never be secure," writing at the time that "there hasn’t been a single day in WhatsApp’s 10-year journey when this service was secure."
Pavel and his brother Nikolai founded Telegram in Russia in 2013. Pavel was forced to flee Russia in 2014 after the government attempted to pressure him into releasing data about Ukrainian protest leaders from VK, another social media platform he and his brother helped develop.
Russia has tried in the past to force Telegram to share data or block certain channels, but Telegram has refused to do so.
Telegram's cyber vulnerabilities
Telegram has suffered from vulnerabilities which hackers have exploited as well.
Earlier this year, the Mandiant cybersecurity company reported that a malware called GRAMDOOR was being used by Iranian hackers as a command and control system to distribute malware to infected systems.
The Israeli cybersecurity company Check Point warned in 2021 that hackers were increasingly using Telegram as a command and control system to distribute malware. Even when Telegram isn't installed or being used on target devices, hackers can remotely send malicious commands and operations to targets via a Telegram "bot."
The tool used, called ToxicEYE RAT, only worked if the target was infected by a malicious file the bot can communicate with. The malicious file is usually sent through email campaigns.
In 2016, Iranian hackers managed to compromise over a dozen Telegram accounts, releasing the phone numbers of some 15 million Iranian users.