Facebook-owned WhatsApp landed in a major trouble recently in the wake of the Pegasus Spyware cyber attacks. The hack not only affected the company's revenue, but it raised fresh concerns regarding privacy violations.
Now, reports suggest that WhatsApp's rival apps Telegram and Signal are also vulnerable to cyber attacks. As per the report, published in IANS, Telegram conversations are not encrypted end-to-end unlike WhatsApp by default. Users will have to select the 'Secret Chat' feature in the app for additional security. However, researchers state that the feature does not guarantee any safety or security.
A recent research by the Massachusetts Institute of Technology (MIT) brought into the light the pitfalls in Telegram app. The study stated that the app, founded in 2013 by Nikolai and Pavel Duvrov, uses its own proprietary messaging protocol called 'MTProto', which lacks scrutiny from third-party cryptographers.
MIT researchers Hayk Saribekyan and Akaki Margvelashvili further added that Telegram uses the conventional approach of using a Cloud Storage for its data, which means that if an adversary is able to gain control of a user's server system, they can very easily access the unencrypted data and definitely the metadata of the messages and chats.
The hidden hazards do not end here. The app initially asks for the contact list from mobile phones or desktop devices and stores them in the servers, which in turn provides huge social network information for the app developers and many third-party users. The data can be even sold to different organizations and authorities without the user's consent.
MIT scholars add further that even when we use the 'Secret Chat' feature in Telegram, hackers can easily get access to the metadata of the messages and start their precarious activities.
Prasanto K. Roy, leading tech policy and media consultant, told IANS that WhatsApp quickly fixed the issue after the Pegasus spyware scandal and informed the users and governmental organizations regarding the concealed dangers of the menace. It also initiated legal proceedings. But that's not the case for Telegram and Signal. If these apps get hit with cyber attacks, they probably don't have the enough resources to mitigate them.
Just like its parent organization Facebook, WhatsApp's reputation took a major hit after it revealed that its platform hacked using Israel-based surveillance company NSO Group's Pegasus spyware. WhatsApp said that around 1,400 people in 20 different countries were targeted by the Pegasus spyware for a 14-day period from April-end to mid of May. It added that the spyware was used to exploit the vulnerability in its video-calling feature to conduct cyber attacks.
Earlier on October 29, WhatsApp announced that it would sue NSO for selling Pegasus software. The scandal escalated into a major political row in India after reports suggested that Pegasus was used to spy on 121 Indian citizens, mostly journalists and activists. The government of India has asked WhatsApp to explain the breach of privacy amid growing public outcry in the country.
So, even when people have drifted to Telegram and Signal looking for better security options, the dangers of snooping always linger around.