The United Nations has declared WhatsApp as extremely unsafe to use

For the development of its day-to-day operations, the United Nations (UN) employs multiple technological developments with the highest information security standards, including a vulnerability bounty program to solve security flaws in commonly used software solutions.

Due to the confidential nature of multiple matters dealt with by the UN, not any software or technology is eligible for the organization. Such seems to be the case of WhatsApp, a messaging service called by the UN as very unsafe to establish communication between world leaders.

According to a report mentioned by Farhan Haq, a spokesperson for the UN secretary-general, an information security firm advised the organization to avoid the use of WhatsApp due to its low security standards: “The senior UN officials have been instructed to avoid the use of WhatsApp, whose services do not have the necessary security mechanisms,” Haq said, after a reporter questioned the use of this messaging platform between heads of state.

Farhan Haq during a press conference

Upon receiving questions regarding the hacking of Amazon CEO Jeff Bezos, allegedly perpetrated by the Crown of Saudi Arabia through WhatsApp, Haq commented only: “We have paid sufficient attention to known facts; we will monitor the development of this situation.”

A few months ago, an information security report published by The Guardian revealed that Bezos’ smartphone was compromised using a malicious file that the entrepreneur received via a WhatsApp chat with Mohammed bin Salam Al Saud, heir to the Saudi throne.

Although Saudi Arabia has repeatedly denied such accusations, Agnes Callamar and David Kaye, UN special rapporteurs, called for an immediate investigation into the alleged hack. The final results are not yet presented to the top UN officials.

Although Facebook, which owns WhatsApp, claims that the messaging service is completely secure, the International Institute of Cyber Security (IICS) has published multiple reports on methods of attacking this service, mainly exploiting WhatsApp Web, the desktop version. While such attacks involve a lot of factors, their exploitation is entirely feasible, so ruling out such reports would be a big mistake on the part of the organization.