A shockingly simple theory on how Jeff Bezos' phone could have been hacked, from two private investigators

It could have been a world-class hacker — or it could have been something much simpler and more troubling

Tyler Maroney, David Burghauser
New York
Thursday 23 January 2020 20:43
Bezos was previously pictured with Mohammed bin Salman in seemingly friendly situations

Since the news broke Wednesday that Jeff Bezos’s phone was hacked — perhaps by someone with access to Saudi Arabia’s Crown Prince Mohammed bin Salman’s phone — the internet has been ablaze with speculation about why and how such powerful figures would engage in high-stakes cyber warfare. Blackmail material? A favor for the American president? Revenge for The Washington Post’s reporting on the assassination of Saudi dissident Jamal Khashoggi? (Bezos owns the Post.)

The identity of the villain and the motive behind the daring electronic smash-and-grab may be elusive for now, but the explanation of how large tranches of data from the Amazon chief’s phone were surreptitiously swiped could be shockingly simple.

Bezos’s iPhone, it has been reported, was compromised after he received a WhatsApp message with a video attachment from MBS’s account in the spring of 2018. The two had met about a month earlier at a dinner and exchanged contact information. (WhatsApp, of course, is the encrypted messaging application owned by Facebook.)

Malware can be stowed in a variety of Trojan Horses, but it is generally accepted among cybersecurity experts that for a smartphone to be hacked, the recipient must be tricked into, say, clicking on a poisonous link, downloading an infected audio file, or visiting a rigged website. In other words, the target must actually do something to open the virtual door to the thief.

Encrypted messaging applications have been previously exposed as vulnerable. For instance, NSO Group, an Israeli cybersecurity firm, allegedly developed a tool that exploited WhatsApp’s calling feature to drop malware on a phone, which allowed NSO’s clients to spy on a phone’s owner. WhatsApp sued NSO Group over the exploit, which was reportedly used to target human rights activists and journalists. (NSO has been identified as having been involved in the Bezos hack, and has denied it.)

We have not reviewed all of the files from FTI Consulting, which investigated this hack for Bezos, and we have no connection to the case. But one possible explanation for what happened here is that the settings on Bezos’s WhatsApp account were never adjusted from the default, which automatically downloads videos and photos to an iPhone’s camera roll — breaking media files, and any embedded malware, free from the contained WhatsApp ecosystem and injecting them into the smartphone’s other data sources.

If this was the case, Bezos would not have had to proactively download and save the phishy video to his phone; the malicious software would have been downloaded and begun executing automatically, likely without him realizing it.

Did a world-class hacker deploy complex tools to crack the phone of the world’s wealthiest person and one of the savviest business technologists of his generation? Only he and his handlers know. But there may be a far simpler, if equally troubling, explanation. There almost always is.

Tyler Maroney is a co-founder and partner of QRI, a private investigations firm. David Burghauser leads QRI’s cyber investigations practice.
