Team Sociating
by on January 24, 2020

United Nations (UN) employees are strongely advised not to use Facebook-owned messaging app WhatsApp. It considers the software insecure. The UN has warned staff about this since June 2019. According to the UN experts Israeli spyware was likely used.

The  UN spokesperson answered questions from Reuters (1) news agency after the UN (2) had called for an investigation into the mobile hack of Amazon founder Jeff Bezos. Bezos was hit in a 2018. Sources have reported The Guardian (3) that the crown prince of Saudi Arabia would be behind it.

Spyware tools are believed to have been previously used by Saudi officials. Malware attacks can generally be difficult to prevent because, in some cases, the target doesn't even need to click on a link or download a file to become infected. 

The hack may be linked with the 2018 assassination of Jamal Khashoggi, who was a journalist from The Washington Post, owned by Bezos since 2013. According to the New York Times (4) Bezos' whatsapp account was hacked after opening a videofile. The message included a 4.22 MB video supposedly sent by the crown prince Bin Salman. Hidden in that file was a separate bit of code that most likely implanted malware that gave attackers access to the Amazon CEO's entire phone, including his photos and private communications. By this, large amounts of data were transferred from the phone of the richest man in the world within a few hours. 

The Guardian reports after a digital review and interviews with anonymous sources that it is plausible that the crown prince intentionally sent the file. However The British newspaper does not know of the nature of the messages that were hacked. The Jeff Bezos phone hack proves that anyone can fall victim to attacks on cybersecurity. 

The US Saudi Embassy has denied involvement in the hack, calling the allegations “absurd" and wants an investigation.

It's not the first time that WhatsApp is dragged into a hacking scandal. Facebook sued Israeli spyware manufacturer NSO Group (maker of the Pegasus-3 malware) in November last year, accusing it of infecting several  users' phones via the messaging app. Allegedly the NSO Group used a flaw in WhatsApp to secretly distribute its apps for surveillance software to users. NSO refuted the allegations and said it would fight them firmly. 

Regarding the latest information about the "Bezos hack" and the danger of being drawn into speculation, NSO states that it is "shocked and appalled by the story that has been published with respect to alleged hacking of the phone of Mr. Jeff Bezos. If this story is true, then it deserves a full investigation by all bodies providing such services to assure that their systems have not been used in this abuse. Just as we stated when these stories first surfaced months ago, we can say unequivocally that our technology was not used in this instance. (5)"  

Like (1)