[Info] Durov blasts WhatsApp over yet another reported backdoor

Author: Sean64 (Sean)   2019-11-21 02:01:28
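Earlier today, Telegram founder Durov went off again on his personal channel. Here is a quick translation:
This May, I predicted that backdoors would keep being exposed in WhatsApp, with serious security problems appearing one after another, just like its track record [1].
This week a new backdoor was quietly discovered [2]. Just like the previous two backdoors,
this vulnerability lets hackers and government agents freely browse all the data on your phone; all it takes is sending you a video, and all your data falls into the attacker's hands [3].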
In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3].
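Not only does WhatsApp fail to keep your messages secure, it has also been consistently used as a Trojan horse to spy on your photos and messages outside WhatsApp.
Why would they do this? Facebook was already part of the US PRISM program before it acquired WhatsApp [4][5].
It would be naive to think its policies would change after the acquisition, especially after WhatsApp's founder admitted, "I sold all my users' privacy" [6].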
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].
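After this backdoor was exposed this week, Facebook insisted there was no evidence that hackers had successfully exploited it, in an attempt to confuse the public [7].
Of course there is no such evidence. To obtain it, they would first have to be able to analyze the videos shared by WhatsApp users,
but those are not permanently stored on its servers (instead, plaintext messages and videos are sent through Google's and Apple's servers [8]).
Great, no need to even analyze the scope of impact. No evidence? How convenient.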
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers. So – nothing to analyze – “no evidence”. Convenient.
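But rest assured, a security hole this big is bound to be discovered sooner or later, just as earlier ones were used against human rights activists and certain naive journalists [9][10].
In September this year, it was reported that the data obtained through these vulnerabilities would be shared with US agents [11][12].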
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
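Although there is more and more evidence that WhatsApp is a honeypot for harvesting personal data, aimed at those who still trust Facebook in 2019,
giving it the benefit of the doubt, it may simply have accidentally written serious security vulnerabilities into all of its apps.
I believe Telegram is similar to WhatsApp in overall complexity, yet in the six years since its launch it has not had a single WhatsApp-level blunder.
It is very unlikely that anyone would accidentally make major security mistakes that routinely open a convenient path for surveillance.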
Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
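Whatever the true intentions of WhatsApp's parent company, the advice to users is the same:
unless you think it would be cool for all your photos and messages to one day be laid bare on the internet, you should delete WhatsApp from your phone.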
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
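Reference links:
[0] Original text of this post on Durov's channel
https://t.me/durov/109
[1] Why WhatsApp will never be secure
https://tg.pe/Dx1
[2] WhatsApp users rush to update the app to avoid surveillance threat
https://tg.pe/Dx2
[3] WhatsApp users on Android and iOS are now under threat from malicious videos
https://tg.pe/Dx3
[4] What you need to know about the PRISM program
https://tg.pe/Dx4
[5] The US NSA obtains data from nine major tech companies
https://tg.pe/Dx5
[6] WhatsApp founder: I sold all my users' privacy
https://tg.pe/Dx6
[7] Hackers can use a flaw in WhatsApp's video handling to take control of your phone
https://tg.pe/Dx7
[8] WhatsApp stores unencrypted backup data in your Google Drive
https://tg.pe/Dx8
[9] More than a hundred journalists and dissidents using WhatsApp hacked
https://tg.pe/Dx9
[10] Exclusive: government officials around the world had their WhatsApp hacked
https://tg.pe/DxA
[11] Police and prosecutors can obtain suspects' Facebook and WhatsApp messages through US authorities
https://tg.pe/DxB
[12] Facebook and WhatsApp will share message data with UK police
https://tg.pe/DxC
Reposted from Telegram channel: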
https://t.me/SeanChannel/92
