A shockingly simple theory on how Jeff Bezos' phone could have been hacked, from two private investigators

It could have been a world-class hacker — or it could have been something much simpler and more troubling

Tyler Maroney, David Burghauser
New York
Thursday 23 January 2020 20:43 GMT
Bezos was previously pictured with Mohammed bin Salman in seemingly friendly situations (AP/Getty)

Since the news broke Wednesday that Jeff Bezos’s phone was hacked — perhaps by someone with access to Saudi Arabia’s Crown Prince Mohammed bin Salman’s phone — the internet has been ablaze with speculation about why and how such powerful figures would engage in high-stakes cyber warfare. Blackmail material? A favor for the American president? Revenge for The Washington Post’s reporting on the assassination of Saudi dissident Jamal Khashoggi? (Bezos owns the Post.)

The identity of the villain and the motive behind the daring electronic smash-and-grab may be elusive for now, but the explanation of how large tranches of data from the Amazon chief’s phone were surreptitiously swiped could be shockingly simple.

Bezos’s iPhone, it has been reported, was compromised after he received a WhatsApp message with a video attachment from MBS’s account in the spring of 2018. The two had met about a month earlier at a dinner and exchanged contact information. (WhatsApp, of course, is the encrypted messaging application owned by Facebook.)

Malware can be stowed in a variety of Trojan Horses, but it is generally accepted among cybersecurity experts that for a smartphone to be hacked, the recipient must be tricked into, say, clicking on a poisonous link, downloading an infected audio file, or visiting a rigged website. In other words, the target must actually do something to open the virtual door to the thief.

Encrypted messaging applications have been previously exposed as vulnerable. For instance, NSO Group, an Israeli cybersecurity firm, allegedly developed a tool that exploited WhatsApp’s calling feature to drop malware on a phone, which allowed NSO’s clients to spy on a phone’s owner. WhatsApp sued NSO Group over the exploit, which was reportedly used to target human rights activists and journalists. (NSO has been identified as having been involved in the Bezos hack, and has denied it.)

We have not reviewed all of the files from FTI Consulting, which investigated this hack for Bezos, and we have no connection to the case. But one possible explanation for what happened here is that the settings on Bezos’s WhatsApp account were never adjusted from the default, which automatically downloads videos and photos to an iPhone’s camera roll — breaking media files, and any embedded malware, free from the contained WhatsApp ecosystem and injecting them into the smartphone’s other data sources.

If this was the case, Bezos would not have had to proactively download and save the phishy video to his phone; the malicious software would have been downloaded and begun executing automatically, likely without him realizing it.

Did a world-class hacker deploy complex tools to crack the phone of the world’s wealthiest person and one of the savviest business technologists of his generation? Only he and his handlers know. But there may be a far simpler, if equally troubling, explanation. There almost always is.

Tyler Maroney is a co-founder and partner of QRI, a private investigations firm. David Burghauser leads QRI’s cyber investigations practice.
