Bezos WhatsApp hack: Is your phone at risk of being hacked?

Cyber experts say Pegasus spyware built by Israeli firm NSO infiltrated Amazon billionaire’s phone

Anthony Cuthbertson
Wednesday 22 January 2020 18:08
Saudi Arabia has denied claims it targeted Jeff Bezos

The secrets of the world’s richest man were allegedly compromised by a single WhatsApp message, leading to fears that the popular chat app may not be as secure as it claims.

The message, reportedly sent from the phone number of Saudi crown prince Mohammed bin Salman, targeted the phone of Jeff Bezos, though the hacking attack was so advanced that the Amazon founder may not have even noticed that it took place.

Cyber security experts believe the infiltration was achieved using Pegasus, a cyber weapon developed by Israeli company NSO.

It can be sent across messaging platforms like WhatsApp in the form of an innocuous-looking file, such as a photo or video, and can be executed on the target’s device without them even realising.

Jake Moore, a cyber security specialist at antivirus firm ESET, said the reported attack on Bezos had “all the hallmarks” of Pegasus spyware.

“When Pegasus is run on a device you will likely have no idea of what has just happened, so no doubt Bezos was unaware what had just occurred,” he said.

A report filed to the UN Human Rights Council last June proposed a ban on the use of such hacking tools, claiming the technology is a “paradigmatic example” of surveillance tools being used in European and Middle Eastern countries.

While anyone could be targeted by the sophisticated malware, the cost of acquiring it from NSO means it is likely only to be used by state intelligence agencies or other well-funded organisations. This means victims will be specific individuals of particular interest to the attacker.

“People of high value or wealth need to be extremely cautious of such tactics used,” Mr Moore said. “Bezos may well have innocently clicked on the file in the message, but extreme caution should always be adhered to whenever something is received. Although difficult to reduce the risk, anyone who is a possible target, including people in the media and politicians, should always be aware of the risks.”

Despite advanced hacking attempts across WhatsApp and other popular apps being rare, security experts consistently warn users to be wary of any files and attachments they receive.

Jeff Bezos (left) and Saudi Arabia's crown prince Mohammad bin Salman

Saudi Arabia has denied reports that the crown prince was responsible for the attack on Mr Bezos’s phone, calling the allegations “absurd”, while NSO also said that its software was not used.

“We know this because our software cannot be used on US phone numbers,” the firm said in a statement. “Our technology, which is only licensed to prevent or investigate crime and terror, was not used by any of our customers to target Mr Bezos’s phone.”

The surveillance tool was previously used to monitor murdered Saudi journalist Jamal Khashoggi, according to a lawsuit brought by Amnesty International, though NSO also denies these claims.

NSO co-founder Shalev Hulio said last year that Pegasus was designed to help governments fight crime and uncover terrorist networks, claiming it has saved the lives of “tens of thousands of people” by foiling jihadist attacks.

It is not clear if WhatsApp has fixed any potential security vulnerabilities that may have allowed a file infected with Pegasus malware to be sent across its platform. The Facebook-owned company did not respond to a request for comment from The Independent.

In October, the popular messaging app filed a lawsuit against NSO for allegedly sending malware capable of breaking WhatsApp’s end-to-end encryption to 1,400 mobile phones.

The lawsuit claimed NSO “developed their malware in order to access messages and other communications after they were decrypted on target devices”.

WhatsApp has since patched the vulnerability detailed in the lawsuit.
