In its day-to-day operations, the United Nations (UN) relies on multiple technologies held to the highest information security standards, including a vulnerability bounty program to address security flaws in commonly used software solutions.
Because many of the matters the UN handles are confidential, not every software product or technology is eligible for use by the organization. Such seems to be the case with WhatsApp, a messaging service the UN has described as very unsafe for communication between world leaders.
According to a report mentioned by Farhan Haq, a spokesperson for the UN secretary-general, an information security firm advised the organization to avoid the use of WhatsApp due to its low security standards. “The senior UN officials have been instructed to avoid the use of WhatsApp, whose services do not have the necessary security mechanisms,” Haq said, after a reporter questioned the use of this messaging platform between heads of state.
Upon receiving questions regarding the hacking of Amazon CEO Jeff Bezos, allegedly perpetrated by the Crown of Saudi Arabia through WhatsApp, Haq commented only: “We have paid sufficient attention to known facts; we will monitor the development of this situation.”
A few months ago, an information security report published by The Guardian revealed that Bezos’ smartphone was compromised using a malicious file that the entrepreneur received via a WhatsApp chat with Mohammed bin Salman Al Saud, heir to the Saudi throne.
Although Saudi Arabia has repeatedly denied such accusations, Agnès Callamard and David Kaye, UN special rapporteurs, called for an immediate investigation into the alleged hack. The final results have not yet been presented to the top UN officials.
Although Facebook, which owns WhatsApp, claims that the messaging service is completely secure, the International Institute of Cyber Security (IICS) has published multiple reports on methods of attacking this service, mainly by exploiting WhatsApp Web, the desktop version. While such attacks depend on many factors, their exploitation is entirely feasible, so dismissing such reports would be a big mistake on the part of the organization.