Security researchers have criticised Facebook’s head of communications, Sir Nick Clegg, for his response to the hacking of Amazon chief Jeff Bezos.
Mr Bezos’ phone was hacked in May 2018 after he received a WhatsApp message loaded with malware.
But in an interview with the BBC, Sir Nick said WhatsApp’s encrypted messages could “not be hacked into”.
And he failed to acknowledge security flaws in the app that had let hackers compromise their target’s smartphones.
“Nobody tell Nick Clegg about how exploits work,” joked cyber-security researcher Kevin Beaumont.
Mr Bezos’ phone was compromised after he received a WhatsApp message containing a malicious file from the personal number of Saudi Arabia’s crown prince Mohammed bin Salman, according to the Guardian newspaper which broke the story.
An investigation suggested the phone secretly started sharing huge amounts of data after he received the message.
The kingdom’s US embassy has described the allegations as “absurd”.
When asked about the hack in an interview with BBC Radio 4’s Today programme, Sir Nick said: “It can’t have been anything when the message was sent in transit because that’s end-to-end encrypted on WhatsApp.
“We’re as sure as you can be that the technology of end-to-end encryption cannot… be hacked into.”
But cyber-security researchers have pointed out that security flaws in WhatsApp’s software have previously been discovered.
Two significant problems were disclosed in 2019.
One let hackers remotely install surveillance software on phones just by initiating a voice call, even if the recipient did not answer.
- WhatsApp discovers ‘targeted’ surveillance attack
- ‘I was a victim of the WhatsApp hack’
Another let surveillance tools be deployed by sending the recipient an infected MP4 video clip.
Sir Nick told the BBC: “If someone sends you a malicious email, it only comes to life when you open it.”
However, some of the most significant vulnerabilities in WhatsApp let hackers install their malware without the recipient doing anything at all.
The BBC has contacted Facebook for comment.