What’s the story?
The media is reporting that an investigation has concluded that Jeff Bezos’s smartphone was hacked after receiving a WhatsApp message containing a video from Mohammed bin Salman.
Jeff Bezos, the billionaire who founded Amazon?
That’s the one. He also owns the Washington Post.
Mohammed bin Salman, the crown prince of Saudi Arabia?
That’s the chap. Also known as “MBS”, he effectively runs Saudi Arabia.
They WhatsApp each other?
When did this happen?
The alleged hack is said to have happened five months before the murder of Washington Post journalist Jamal Khashoggi at the Saudi consulate in Istanbul in October 2018.
Sheez. So how do they say the hack of Jeff Bezos’s smartphone happened?
Here’s what The Guardian reports:
The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world’s richest man, according to the results of a digital forensic analysis.
This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.
The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.
Large amounts of data were exfiltrated from Bezos’s phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used.
Exploiting a vulnerability I guess? Do we know how it was done?
A possible contender is the Pegasus spyware, developed by the Israeli “cyber warfare” firm NSO Group.
For instance, you may recall that in May 2019, a serious security vulnerability was uncovered in WhatsApp that was allegedly being exploited by nation states to spy on people of interest. Spyware developed by NSO Group is thought to have exploited that buffer overflow vulnerability to steal messages, address books, email archive, browser history, GPS location, and even hijacking a smartphone’s camera and microphone.
It was a huge story at the time, and I remember many members of the media contacted me to talk about it.
"Good Morning Britain" asked me to speak about the WhatsApp security issue this morning. I declined. After all, they have their own phone hacking expert… pic.twitter.com/paeJmF9hDw
— Graham Cluley (@gcluley) May 14, 2019
There have been other security flaws found in smartphone operating systems over the years which exploited bugs in media-handling code to infect devices.
What was hacked from Jeff Bezos’s smartphone?
My guess would be that if the Amazon founder’s phone was targeted the hackers behind the attack would seize everything they could. Messages, address books, calendars, even pictures on his photo roll…
In January 2019, Jeff Bezos and his wife Mackenzie announced they were divorcing after 25 years of marriage.
— Jeff Bezos (@JeffBezos) January 9, 2019
Within hours sleazy US supermarket tabloid the National Enquirer revealed that it had been investigating Jeff Bezos’s personal life for four months, and said its next edition would include 11 pages of private photos and x-rated text messages.
It was widely understood that Bezos was prompted to go public with his divorce plans by his knowledge of the impending National Enquirer story.
One month later, Jeff Bezos posted what must have been an uncomfortable blog article on Medium.
In it he claimed the National Enquirer had attempted to blackmail him with stories of his relationship with Lauren Sanchez (the woman he was having an affair with) and the intimate selfie pics of the Amazon boss that had somehow fallen into their possession.
Are you suggesting Saudi Arabia might have given those embarrassing photos to the National Enquirer? Perhaps to embarrass the owner of the Washington Post?
You might think that, I couldn’t possibly comment.
So what’s Saudi Arabia saying about all this?
Oh, it’s denying everything.
Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos' phone are absurd. We call for an investigation on these claims so that we can have all the facts out.
— Saudi Embassy (@SaudiEmbassyUSA) January 22, 2020
What a tangled web! Will there be more developments?
Almost certainly. On Friday a new documentary called “The Dissident” will have its premiere, promising to tell us more about the scandal surrounding the death of journalist Jamal Khashoggi.
Could I be a victim of a similar hack?
Undoubtedly. Nation states and intelligence agencies have considerable resources, and if they really want to spy on you – they will find a way to spy on you. They won’t give up trying easily, and will not have any qualms about exploiting as yet undisclosed vulnerabilities.
The only good news, for most of us, is that those most likely to be targeted by a nation state are those in positions of power and influence, troublesome journalists, and those who work for governments, public services, and the military.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.