Jeff Bezos, WhatsApp, and Mohammed bin Salman – what you need to know

Graham Cluley
@gcluley

What’s the story?
The media is reporting that an investigation has concluded that Jeff Bezos’s smartphone was hacked after receiving a WhatsApp message containing a video from Mohammed bin Salman.

Jeff Bezos, the billionaire who founded Amazon?
That’s the one. He also owns the Washington Post.

Mohammed bin Salman, the crown prince of Saudi Arabia?
That’s the chap. Also known as “MBS”, he effectively runs Saudi Arabia.

They WhatsApp each other?
Apparently so!

When did this happen?
The alleged hack is said to have happened five months before the murder of Washington Post journalist Jamal Khashoggi at the Saudi consulate in Istanbul in October 2018.

Sheez. So how do they say the hack of Jeff Bezos’s smartphone happened?
Here’s what The Guardian reports:

The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world’s richest man, according to the results of a digital forensic analysis.

This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.

The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.

Large amounts of data were exfiltrated from Bezos’s phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used.

Exploiting a vulnerability I guess? Do we know how it was done?
A possible contender is the Pegasus spyware, developed by the Israeli “cyber warfare” firm NSO Group.

For instance, you may recall that in May 2019 a serious security vulnerability was uncovered in WhatsApp that was allegedly being exploited by nation states to spy on people of interest. Spyware developed by NSO Group is thought to have exploited that buffer overflow vulnerability to steal messages, address books, email archives, browser history, and GPS location, and even to hijack a smartphone’s camera and microphone.

It was a huge story at the time, and I remember many members of the media contacted me to talk about it.

Other security flaws have been found in smartphone operating systems over the years, with bugs in media-handling code exploited to infect devices.

What was hacked from Jeff Bezos’s smartphone?
My guess would be that if the Amazon founder’s phone was targeted, the hackers behind the attack would seize everything they could. Messages, address books, calendars, even pictures on his photo roll…

Photos?
Ahh, yes.

In January 2019, Jeff Bezos and his wife Mackenzie announced they were divorcing after 25 years of marriage.

Within hours, sleazy US supermarket tabloid the National Enquirer revealed that it had been investigating Jeff Bezos’s personal life for four months, and said its next edition would include 11 pages of private photos and x-rated text messages.

It was widely understood that Bezos was prompted to go public with his divorce plans by his knowledge of the impending National Enquirer story.

One month later, Jeff Bezos posted what must have been an uncomfortable blog article on Medium.

In it he claimed the National Enquirer had attempted to blackmail him with stories of his relationship with Lauren Sanchez (the woman he was having an affair with) and the intimate selfie pics of the Amazon boss that had somehow fallen into their possession.

Are you suggesting Saudi Arabia might have given those embarrassing photos to the National Enquirer? Perhaps to embarrass the owner of the Washington Post?
You might think that, I couldn’t possibly comment.

So what’s Saudi Arabia saying about all this?
Oh, it’s denying everything.

What a tangled web! Will there be more developments?
Almost certainly. On Friday a new documentary called “The Dissident” will have its premiere, promising to tell us more about the scandal surrounding the death of journalist Jamal Khashoggi.

Could I be a victim of a similar hack?
Undoubtedly. Nation states and intelligence agencies have considerable resources, and if they really want to spy on you – they will find a way to spy on you. They won’t give up trying easily, and will not have any qualms about exploiting as yet undisclosed vulnerabilities.

The only good news, for most of us, is that those most likely to be targeted by a nation state are those in positions of power and influence, troublesome journalists, and those who work for governments, public services, and the military.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One comment on “Jeff Bezos, WhatsApp, and Mohammed bin Salman – what you need to know”

  1. Perhaps those in important positions should go back to the BlackBerry and use a real time scanner to verify the attachments are not compromised.
