Follow Us:
Monday, April 06, 2020

Jeff Bezos phone hacking: UN wants investigation, NSO Group says we didn’t do it

The forensic report of Amazon CEO Jeff Bezos' phone hacking from 2018 has been made public by the UN. Bezos' iPhone was hacked via a malicious video file sent on WhatsApp sent by Saudi Crown Prince Mohammad Bin Salman.

Written by Shruti Dhapola | New Delhi | Updated: January 24, 2020 11:00:55 am
Jeff Bezos, Bezos phone hacked, Jeff Bezos phone WhatsApp hack, Mohammad Bin Salman, MBS, Who is MBS, Mohammad Bin Salman Bezos hacking, Lauren Sanchez, Jeff Bezos girlfriend In this file photo from 2017, Jeff Bezos attends the premiere of “The Post” at The Newseum in Washington. United Nations experts have called for “immediate investigation” by the United States into information they received that suggests that Jeff Bezos’ phone was hacked after receiving a file sent from Saudi Crown Prince Mohammed bin Salman’s WhatsApp account. (Image source: AP)

The forensic details of Amazon CEO and founder Jeff Bezos’ phone hacking from 2018 have been made public as part of a report by the United Nations. UN human rights experts said that Bezos’ iPhone was compromised after receiving a video file on WhatsApp. The video was sent from a WhatsApp account used by Crown Prince of Saudi Arabia Prince Mohammad Bin Salman. Saudi Arabia on its part has denied the charge that the Crown Prince sent the message.

The use of NSO Group’s Pegasus-3 or Italy based Hacking Team’s Galileo malware is suspected in this case to carry out the illegal surveillance. For now, the NSO Group has denied the charge. Bezos’ phone was examined by cyber-security experts at the FTI Consulting, hired by the Amazon founder, and they conducted a forensic analysis of the phone. Details of the FTI report have been published by Motherboard.

The Guardian has first reported on the issue, though the Saudi link was suspected back in 2019 by Bezos’ security team. According to the UN human rights experts, the incident is being seen as a serious “contravention of fundamental international human rights standards,” and there are calls for a full fledged investigation into the issue.

While Amazon is yet to issue a statement on this, Bezos later tweeted a photo remembering slain Washington Post journalist Jamal Khashoggi, who was killed in the Saudi embassy in Turkey by Saudi agents. The late Khashoggi was a vociferous critic of the Saudi Crown Prince. Bezos also owns The Post. 

Jeff Bezos, Bezos phone hacked, Jeff Bezos phone WhatsApp hack, Mohammad Bin Salman, MBS, Who is MBS, Mohammad Bin Salman Bezos hacking, Lauren Sanchez, Jeff Bezos girlfriend A 2019 file photo of Saudi Arabia’s Crown Prince Mohammed bin Salman talking to Russian President Vladimir Putin during the talks in Riyadh, Saudi Arabia. The Crown Prince’s WhatsApp account was used to target Bezos. (Image source: AP)

The UN report also acknowledges that the surveillance were part of the Crown Prince’s efforts to silence The Washington Post‘s reporting on Saudi Arabia, which has been critical of Prince Salman in particular.

“The alleged hacking of Mr Bezos’ phone, and those of others, demands immediate investigation by US and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents. This reported surveillance of Mr Bezos, allegedly through software developed and marketed by a private company and transferred to a government without judicial control of its use, is, if true, a concrete example of the harms that result from the unconstrained marketing, sale and use of spyware,” the independent UN experts said in a statement. 

The WhatsApp video

According to Motherboard, an initial analysis of the phone did not confirm any malware. However, a video that was sent by the Saudi Crown Prince was seen as a suspicious file. This video looked like an Arabic language promotional film about telecommunications. The thumbnail of the video had flags of Saudi Arabia and Sweden.

Jeff Bezos, Bezos phone hacked, Jeff Bezos phone WhatsApp hack, Mohammad Bin Salman, MBS, Who is MBS, Mohammad Bin Salman Bezos hacking, Lauren Sanchez, Jeff Bezos girlfriend Jeff Bezos, president and CEO of Amazon and owner of The Washington Post, speaks at the Economic Club of Washington DC’s “Milestone Celebration Dinner” in Washington, US. September 13, 2018. (Image source: Reuters)

Forensic analysis confirms WhatsApp video link

The forensic analysis report shows that the behaviour on the phone changed drastically after the WhatsApp video was received. This is being seen as evidence that a sophisticated malware was attached to the video file.

FTI has said that because the video downloader was encrypted and could not be decrypted, they were unable to conclude the exact malware that was used. This bit has raised questions about the strength of the report’s evidence, with other cyber-security experts questioning why they were not able to decrypt the encoder.

But it was clear that once Bezos received the video on his iPhone, the phone started behaving abnormally with a 29,156 per cent jump in data egress or data transfer from the device, according to the FTI report.

It says, “A timeline analysis of cellular data originating from Bezos’ iPhone X reveals a 29,156 percent increase in unauthorized egress data within hours of the video’s delivery. There were also several additional notable spikes in egress data following the initial spike on May 2, 2018, ranging from 221MB through a highly atypical 4.6GB.” The spyware likely stole gigabytes worth of information from Bezos’ phone over the months.

Explained: All the links in Amazon founder Jeff Bezos’ phone hacking

According to the experts, the forensic analysis showed that the spyware most likely used was the NSO Group’s Pegasus-3 malware or the Hacking Team’s Galileo. Previously, Amnesty international had pointed out how two of its Saudi Arabia workers were targeted with NSO’s Pegasus- 3, which has been purchased by the kingdom.

The UN report’s timeline also makes it clear that Facebook had itself acknowledged in November 2019 that WhatsApp could be used to exploit a user’s phone via a malicious MP4 video file.

Jeff Bezos, Bezos phone hacked, Jeff Bezos phone WhatsApp hack, Mohammad Bin Salman, MBS, Who is MBS, Mohammad Bin Salman Bezos hacking, Lauren Sanchez, Jeff Bezos girlfriend Jeff Bezos, founder of Amazon, and his girlfriend TV presenter Lauren Sanchez arrive at a company event in Mumbai, India, January 16, 2020.) (Image source: Reuters)

MBS taunted Bezos with offensive meme about his girlfriend

The UN report also lists out a timeline of events, which points out that Bezos attended a dinner with the Crown Prince on April 4, 2018 during the course of which they exchanged phone numbers for their WhatsApp accounts. The malicious message was sent to Bezos on May 1, 2018, according to this timeline.

On November 8, 2018, the Crown Prince appeared to taunt Bezos as he texted him on a photo with an offensive caption on WhatsApp. The photo resembled Lauren Sanchez, Bezos’ current girlfriend, though the affair was not yet public.

The caption read, “Arguing with a woman is like reading the Software License Agreement. In the end you have to ignore everything and click I agree.” The incident is also mentioned in the FTI report.

NSO Group’s response

NSO Group has denied the use of Pegasus to hack into Bezos’ phone. In a statement posted on their website, the company said they were “shocked and appalled by the story that has been published with respect to alleged hacking of the phone of Mr Jeff Bezos.”

Further, the statement adds that “if this story is true, then it deserves a full investigation by all bodies providing such services to assure that their systems have not been used in this abuse.”

According to them such abuse of surveillance system will “blacken the eye of the cyber intelligence community and put a strain on the ability to use legitimate tools to fight serious crime and terror.”

Jeff Bezos, Bezos phone hacked, Jeff Bezos phone WhatsApp hack, Mohammad Bin Salman, MBS, Who is MBS, Mohammad Bin Salman Bezos hacking, Lauren Sanchez, Jeff Bezos girlfriend A file photo of the NSO Group’ logo is shown on a building where they had offices in Herzliya, Israel. (Image source: AP)

NSO has always insisted that their software is only to be used to track criminals and terrorists. The statement adds, “These type of stories highlight the need for the surveillance community to follow our lead and implement strict Human Rights Policies and to act in a compliant manner.”

The group also said they are willing to engage with the UN, Bezos and any other body to “fully understand these issues and to set guidelines and capabilities to assure the protection of human rights in the sale and use of surveillance equipment.”

The WhatsApp vulnerability

In November 2019, Facebook had confirmed vulnerability CVE-2019-11931, which said that a specially crafted MP4 file sent to a WhatsApp user could be used to trigger a stack-based buffer overflow. This stack-based overflow vulnerability is used by attackers to gain access to a computer or a smartphone.

Facebook acknowledged that it could result in Denial of Service (DoS) or a Remote Code Execution (RCE) attack. The RCE attack allows hackers to run malicious code on the device to access and make changes on the infected device or computer. The attack is able to gain full control over the device thanks to this kind of attack.

Facebook had said that the issue impacted Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.

It had asked users to update their apps in order to make sure they were not impacted by the vulnerability. In a statement, WhatsApp had also said there was no reason to believe users were impacted.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.