Officials at the United Nations have banned any use of WhatsApp for official communications. Speaking to Reuters, a UN spokesman said WhatsApp was “not supported as a secure mechanism”, a statement that has led WhatsApp and some notable cybersecurity companies to respond in protest. The ban comes on the heels of UN experts accusing Saudi Arabia of being responsible for hacking Amazon CEO Jeff Bezos’ phone using the platform.
But what does the ban on WhatsApp mean for UN security moving forward? WhatsApp is one of the most commonly used communication applications on Earth, so how can the UN properly ensure security is in place?
The Jeff Bezos Hacking Aftermath
In May 2018, it was discovered that Jeff Bezos received a malicious video file on WhatsApp from Saudi Crown Prince Mohammed bin Salman. Based on an investigation by his own forensic team, which was verified by the UN’s own investigators, the video soon caused Bezos’ phone to transfer over six gigabytes of sensitive data. The data included personal texts that were soon leaked to the press. Many assumed the motive for the cyber attack stemmed from Bezos’ defense of Jamal Khashoggi and his incrimination of Saudi Arabia in his newspapers.
The hacking gained immediate press across the world, arousing stern condemnations from the UN and protests of innocence from Saudi Arabia. It also introduced the idea that WhatsApp might not be as secure as many once thought, especially when it came to the needs of the UN. This was best encapsulated by UN spokesman Farhan Haq when he was asked whether the app was used for UN correspondence. He replied that it was “not supported as a secure mechanism.”
Naturally, the Facebook-owned company WhatsApp took umbrage at this comment and made strong replies in an attempt to take basic steps toward managing its reputation. In a statement, Director of Communications Carl Woog said that the company provides an unrivaled level of security to its 1.5 billion users around the world. He continued, saying “every private message is encrypted with end-to-end encryption to help prevent … others from viewing chats.”
Alongside WhatsApp, the ban by the UN has left many cybersecurity experts confused. Many concede that every application has its own particular weaknesses and vulnerabilities. WhatsApp has always been particularly efficient at fixing them. As the world goes increasingly online, it’s not uncommon to see notable hacks take place on widely used platforms or technologies. WordPress, SaaS platforms, and even antivirus companies have become victims of hacks. For many, the question isn’t whether these platforms are too vulnerable; it’s how quickly their vulnerabilities are fixed.
How WhatsApp Encryption Works
To understand where the UN can go for its security precautions, it’s important to understand what it has rejected. After all, if WhatsApp is as secure as people say, where can the UN go next?
WhatsApp uses E2EE (end-to-end encryption), which protects messages and personal data so that they can only be read by the sender or the recipient. Messages cannot be read by anyone in between. So while the memes might claim that Mark Zuckerberg is reading every group chat, this is unlikely to be the case.
E2EE has become a mainstay in online privacy, especially when it comes to securing communication. Each message is secured behind a lock, and only the sender and the recipient have the keys to open it. Nobody else. WhatsApp’s encryption is based on the Signal Protocol, which was developed by Open Whisper Systems. Encryption takes place on the device that initiated the message, and a pair of keys, one public and one private, is generated. Unless a hacker can access the message in transit and get through the encryption, they won’t be able to read a thing. Needless to say, this is incredibly unlikely.
This brings an obvious issue with the UN’s decision to light. It wasn’t necessarily a fault of WhatsApp that Jeff Bezos’ phone fell victim to a hack. It was simply a case of WhatsApp being party to the sending of a malicious file that carried out the hack itself.
With this in mind, is there a communication platform that combines the strengths of WhatsApp with more resilience to dangerous files?
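The distinction drawn in the two paragraphs above can be shown in a few lines. The following is an added example, not WhatsApp's or the Signal Protocol's code: it assumes toy Diffie-Hellman parameters and an HMAC-based stand-in cipher so that it runs on the Python standard library, and all function names are hypothetical. The relaying server only ever holds ciphertext and tampering is rejected, yet whatever file the sender chose arrives byte for byte at the recipient.

```python
import hashlib, hmac, secrets

# Toy finite-field Diffie-Hellman parameters (assumption, chosen for brevity).
# Real E2EE messengers use X25519 and an audited AEAD cipher instead.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2      # private key never leaves the device
    return priv, pow(G, priv, P)             # public key is shared via the server

def session_keys(my_priv, their_pub):
    shared = pow(their_pub, my_priv, P).to_bytes(32, "big")
    enc = hashlib.sha256(b"enc" + shared).digest()   # encryption key
    mac = hashlib.sha256(b"mac" + shared).digest()   # integrity key
    return enc, mac

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(keys, plaintext):
    enc, mac = keys
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + body, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + body + tag

def open_sealed(keys, blob):
    enc, mac = keys
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message modified in transit or wrong key")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc, nonce, len(body))))

def demo():
    a_priv, a_pub = keypair()                # sender's device
    b_priv, b_pub = keypair()                # recipient's device
    # Constructed sample attachment: stands in for a file of unknown intent.
    attachment = b"CONSTRUCTED-SAMPLE-VIDEO-BYTES (untrusted content)"
    on_server = seal(session_keys(a_priv, b_pub), attachment)   # all the relay sees
    received = open_sealed(session_keys(b_priv, a_pub), on_server)
    return attachment, on_server, received   # received == attachment, unchanged

if __name__ == "__main__":
    sent, relay_view, got = demo()
    print("relay can read it:", sent in relay_view, "| delivered intact:", got == sent)
```

Encryption authenticates the sender's bytes and hides them from the network; it makes no judgement about what those bytes do once the recipient's device parses them.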
What Could the UN Use in the Future?
There are many popular alternatives to WhatsApp that the UN may choose to use for its communications. Signal, Threema, and Telegram are all highly secure, with Signal having open-source encryption that allows it to be strengthened by countless hours of user testing. The app’s security is regularly audited and kept up to date at a rate no other app can match. Compared to most other apps, there are next to no security risks, so, as a platform, the UN could do worse than opt for Signal.
Another option would be apps like Wickr Me and Dust. Both come with E2EE and also alert the user when someone has taken a screenshot of the chat, a potentially useful feature for diplomats unsure of another’s agenda. Likewise, both apps can prevent any deleted files from being recovered, giving the user far more control over what is permanently stored within the chat log.
Any of these platforms would make it difficult for any device to fall prey to a malicious hack or malware infection, but it’s also impossible to say that any platform would grant complete immunity. On top of any new technology, the UN (and Jeff Bezos) must take steps to scan any incoming media from potentially hostile agents, even if they may seem benign. Just as technologies get more advanced to stop hackers, hackers get more advanced in their methods of attack, so security must exist in the user’s behavior, not just their communication app.
While WhatsApp remains a secure messaging platform, and the UN’s decision to ban it is somewhat unnecessary, there are still plenty of secure options the UN can choose to use moving forward. Although WhatsApp’s reputation may be damaged by the ban, the app remains popular, and as long as security remains a priority, fewer and fewer hacks are going to take place.