A new investigation has revealed that Amazon CEO Jeff Bezos’ phone was hacked, apparently from a WhatsApp account under the name of Saudi Crown Prince Mohammed bin Salman, as well as a video file that appeared to be irrelevant. The alleged hack ingress show that even on Facebook’s much-known encrypted messaging app, cybersecurity can never be guaranteed. No doubt, even if you’re not a billionaire, remember that.
The first was a report in the Guardian and the Financial Times that found that Bezos’ iPhone X had been hacked after receiving video files from WhatsApp messages in May 2018. FTI Consulting, the business consultancy that led the investigation, said it had “moderate to high confidence” in the video files from Mohammed bin Salman’s WhatsApp account. Mohammed bin Salman is also known as MBS.
According to a report compiled by FTI, the video could not be studied because of WhatsApp’s encryption capabilities, so it is not clear whether it contains malware. However, investigators observed that a large amount of unusual data was stolen from the phone shortly after the video was sent. (Data loss usually occurs without the user’s knowledge when malicious actors transfer data from the device.) This high-speed loss lasted for several months.
The Saudi government was reportedly “very concerned” about the murder of Washington Post columnist Jamal Khashoggi in October 2018, and the video was sent to The Washington Post boss Bezos at the time. CIA officials later concluded that the assassination was carried out with the approval of The Crown Prince of Saudi Arabia. The Saudi prince has denied the allegations.
Meanwhile, after The National Enquirer reported that Bezos was having an affair, suspicions began that the Saudi government had hacked Bezos’ mobile phone in February 2019. The information on which the report is based appears to be available only on Bezos’ mobile phone. Soon after, Bezos’s security team hired FTI Consulting to investigate his phone.
Some sources further confirmed that MBS had hacked Into Bezos’ phone: mbise sent him a message via WhatsApp shortly after he was told on the phone that he might be wiretapped by the Saudi government. “Jeff, everything you hear or is told is not true, and it’s only a matter of time before you realize that the truth is only a matter of time – neither I nor the Saudi Arabia behind me has done anything,” he says. ”
The release of the FTI report has also attracted the attention of two U.N. human rights experts who have called for further investigation into allegations that MBS hacked Bezos’ phones. At the same time, the potential link between phone-hacking and Khashoggi’s murder does not appear to have disappeared from Bezos.
MBS allegedly used WhatsApp to communicate with a number of high-profile figures, including Boris Johnson, Richard Branson and President Trump’s son-in-law, Jared Kushner. Other tech leaders and executives are concerned about undiscovered attacks, a Silicon Valley executive said. After all, MBS met several of them during a visit to the region in April 2018 , including Sergey Brin, Tim Cook and Peter Thiel.
Since it happens to Bezos, it means it can happen to you too – so here’s what you should keep in mind.
With the intricate revelations between Bezos and MBS, it is easy to see the information breach as yet another high-profile hacking attack. It is worth noting, however, that the hack took place inside WhatsApp. For those worried that their information could be intercepted by hackers, WhatsApp claims to be a safe option. WhatsApp even said in its FAQ: “It is our duty to protect the privacy and security of our users.” WhatsApp did not respond to a request for comment. )
In part, WhatsApp is one of the world’s most popular apps, with about 1.5 billion active users worldwide as of February 2018, thanks to the privacy and security promised to users. Its main security feature is end-to-end encryption, which means that messages can only be seen by senders and receivers during transmission – anyone who intercepts them receives an unreadable encrypted file. Even WhatsApp can’t read users’ information.
However, as the Bezos hack shows, this additional layer of protection is not exactly equivalent to absolute security. Assuming the report’s conclusion is correct, end-to-end encryption works well: FTI cannot decrypt files sent to MBS accounts. But good encryption didn’t stop Bezos’ phone from sending gigabytes of data to a malicious actor in the weeks after the video file was sent.
It’s worth noting that WhatsApp’s default settings allow Bezos’ phone to automatically download video files – and any malware in it. Therefore, you can choose to opt out of this feature to help prevent similar things from happening to you.
The story of Bezos’s hacking may seem worrying, but WhatsApp users who are concerned about security may not want to delete the app. Despite WhatsApp’s ups and downs, several security experts say they don’t think the app has a particularly big problem.
“This doesn’t mean there’s a vulnerability in WhatsApp,” said Eva Galperin, head of cyber security at the Electronic Frontier Foundation. When a trusted contact sends you a well-designed malicious link, they can’t do anything. ”
Maya Levine, a security engineer at check Point, a cybersecurity firm, said WhatsApp’s flaws were not serious. The Facebook-affiliated app is just an attractive one, and it makes it more likely that its vulnerabilities will be exposed.
“It’s encrypted information, which means that if you can successfully crack WhatsApp, you get a lot of information,” Levine said. WhatsApp is probably the world’s most popular encrypted messaging app, which is why it is more likely to be targeted by hackers. But I wouldn’t assert that it’s unsafe. ”
Paul Ducklin, lead researcher at sophos, a cybersecurity firm, says the best way for the average person to deal with it is not to be blinded by a false sense of security and not to think that you are not being targeted by a typical hacker attack. He also said that even apps with privacy features are not 100% secure.
“Unfortunately, no one is absolutely safe in cybercrime, and the software you use is not 100 percent vulnerable,” Says Ducklin. Sometimes people can use WhatsApp or any similar program, and once they find out that they have all these encryption features, and that encryption refers to the encryption of what you interact with, they assume that the messages will always be safe. We should know that it is important not to overly listen to a technology that protects you more than it really can do. ”
Although nothing is foolproof, there are things you can do to reduce risk.
“Keep your phone’s operating system and apps up to date,” Levine says. The update will contain security patches to fix bugs and vulnerabilities, and this update is typically available shortly after the vulnerability and vulnerability are discovered.
Despite WhatsApp’s security problems , which is not the only encrypted messaging app , Galperin says users should not give it up . Last May, she wrote an article about another WhatsApp vulnerability in which she still advises people to continue using end-to-end encrypted messaging apps, which she says is “one of the most effective ways to protect the content of information,” at least for “most people.”
At the same time, Ducklin says, the best way to prevent sensitive information from being stolen from your phone is also a long-standing way to release it. Think again about what you want to share and who you want to share with.
While Bezos is in crisis because of being a unique and satisfying target for hacking, even a fairly secure application, whoever puts all trust on one application, is dangerous.
“You can’t be 100 percent safe with encryption applications,” says Ducklin. “