Sean64 (Sean)
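2019-11-21 02:04:23 ※ [This article is reposted from the Instant_Mess board #1TrN-2uZ ]
Earlier, Telegram founder Durov went on the attack again on his personal channel; here is a quick translation:
In May this year, I predicted that WhatsApp would keep having backdoors exposed, with serious security problems appearing one after another, just as in its past record [1].
This week a new backdoor was quietly discovered again [2]; just like the two backdoors found before it,
this vulnerability lets hackers and government agents browse all the data on your phone to their heart's content: just by sending you a video, all your data falls into the attacker's hands [3].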
In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3].
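Not only does WhatsApp fail to keep your messages secure, it has also been serving all along as a Trojan horse to spy on your photos and messages outside WhatsApp.
Why do they do this? Facebook had already become a member of the American empire's PRISM program before it acquired WhatsApp [4][5].
It would be naive to think the policy would change course after the acquisition, especially after the WhatsApp founder admitted "I sold all my users' privacy" [6].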
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy”.
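After this backdoor was exposed this week, Facebook insisted there was no evidence that hackers had successfully exploited it, trying to confuse the public [7].
Of course there is no such evidence: to obtain it, one would first have to be able to analyze the videos shared by WhatsApp users,
yet these are not permanently stored on its servers (instead, plaintext messages and videos are sent through Google's and Apple's servers [8]).
Awesome, no need to even analyze the scope of the impact - no evidence? How convenient.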
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers. So – nothing to analyze – “no evidence”. Convenient.
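But rest assured, a security hole this big is bound to be discovered sooner or later, just as it was previously used against human rights movements and certain naive journalists [9][10].
In September this year, reports indicated that the data obtained through these vulnerabilities would be shared with US agents [11][12].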
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
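Although there is more and more evidence that WhatsApp is a honeypot fishing for personal data, made to fool those who still trust Facebook in 2019,
I believe Telegram is similar to WhatsApp in overall complexity, yet in the six years since its launch it has not had a single WhatsApp-level blunder.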
Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
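Whatever the inner intentions of WhatsApp's parent company may be, the advice for users is the same:
unless you think it would be cool for all your photos and messages to be laid bare on the internet one day, you should delete WhatsApp from your phone.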
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
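[0] Original text of this post on Durov's channel
[1] Why WhatsApp will never be secure
[2] WhatsApp users rush to update the app to avoid surveillance threat
[3] WhatsApp users on Android and iOS are now under threat from malicious videos
[4] What you need to know about the PRISM program
[5] US NSA requests data from nine major tech companies
[6] WhatsApp founder: I sold all my users' privacy
[7] Hackers can use a flaw in WhatsApp's video handling to take control of your phone
[8] WhatsApp stores unencrypted backup data in your Google Drive
[9] More than a hundred journalists and dissidents who use WhatsApp were hacked
[10] Exclusive: WhatsApp accounts of government officials in various countries hacked
[11] Police and prosecutors can obtain suspects' Facebook and WhatsApp messages through US authorities
[12] Facebook, WhatsApp will share message data with UK police
Reposted from the Telegram channel: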