# Whatsapp backdoors **A new backdoor ("spydoor") in WhatsApp** Backdoors in WhatsApp are nothing new: one serious security issue follows another, as [it did in the past](https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15). Last week [a new backdoor was quietly found in WhatsApp](https://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-update-latest-spying-security-spyware-india-cert-nso-a9210236.html). Just like the previous WhatsApp backdoor, and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and [all your data was at the attacker’s mercy](https://in.mashable.com/tech/8573/whatsapp-android-and-ios-users-are-now-at-risk-from-malicious-video-files). WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? [Facebook has been part of surveillance programs long before it acquired WhatsApp](https://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet) ([see also here](https://www.usatoday.com/story/news/2013/06/06/nsa-surveillance-internet-companies/2398345/)). It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: [“I sold my users’ privacy”](https://mashable.com/article/brian-acton-whatsapp-interview/). **Exploits in the wild, despite Facebooks feeble attempt to deny** Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that [the backdoor had been exploited by hackers](https://www.techspot.com/news/82843-hackers-can-use-whatsapp-flaw-way-handles-video.html). Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends [unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers](https://www.theinquirer.net/inquirer/news/3061660/whatsapp-is-storing-unencrypted-backup-data-on-google-drive)). So – nothing to analyze – “no evidence”. Convenient. But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like [the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users](https://www.ft.com/content/67a5b442-f971-11e9-a354-36acbbb0d9b6) ([see also here](https://www.reuters.com/article/us-facebook-cyber-whatsapp-nsogroup-excl/exclusive-government-officials-around-the-globe-targeted-for-hacking-through-whatsapp-sources-idUSKBN1XA27H)). **Governments are sharing data spied using Whatsapp against dissidents** It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors [will now be shared with other countries by US agencies](https://www.thetimes.co.uk/edition/news/police-can-access-suspects-facebook-and-whatsapp-messages-in-deal-with-us-q7lrfmchz) ([see also here](https://www.bloomberg.com/news/articles/2019-09-28/facebook-whatsapp-will-have-to-share-messages-with-u-k-police)). **This is not an accident** Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. Given the security record of other apps, such as Matrix, Signal, Wire, and Telegram, in combination with Facebook having an army of smart people working on this, this appears doubtful. Plus, there is compliance and auditing in place, and It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis. **Delete WhatsApp. Delete Facebook.** Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with **all** your photos, messages, contacts, and other data stored on your smartphone becoming public one day, you should delete WhatsApp from your phone. ###### tags: `old`