Did the Saudi crown prince hack Bezos's cell phone?
(CNN Business) - The explosive conclusion of cybersecurity consultants and United Nations officials that the richest man in the world, Jeff Bezos, president of Amazon, was hacked has raised new questions about the security of millions of applications and common devices that people use every day.
How did the attackers get to Bezos' iPhone in the first place? And if someone as powerful as Bezos can be compromised in this way, could you be at risk too?
This is what we know so far.
What happened to Bezos
Bezos was hacked in May 2018 after receiving a WhatsApp message from Saudi Crown Prince Mohammed bin Salman, according to a forensic analysis conducted by a team hired by Bezos and reviewed by UN researchers.
A source close to the UN team said the UN investigators did not have direct physical access to Bezos' phone, but they thoroughly reviewed the research conducted by FTI Consulting, the independent cybersecurity experts hired by Bezos.
According to the experts' findings, the suspicious message contained a video file. Shortly after the video was delivered, the device transferred hundreds of megabytes of phone data, apparently without Bezos's knowledge.
If the forensic analysis is accurate, whoever was behind the attack stole more than 6 gigabytes of information in this way in the following months, UN researchers said in their assessment.
Saudi Arabia denied that it was responsible for hacking Bezos' device.
"Recent media reports suggesting that the Kingdom is behind a hacking of Mr. Jeff Bezos's phone are absurd," the Saudi embassy in Washington tweeted on Tuesday. "We request an investigation into these claims so that we can have all the facts."
In his first public comment since the news about the hacking emerged, Bezos on Wednesday tweeted a photo of himself attending a memorial service for Jamal Khashoggi, the Washington Post journalist who was killed by Saudi agents in 2018, in an attack that the CIA said was personally ordered by the crown prince. "#Jamal," said the tweet. The Washington Post is owned by Bezos. (The crown prince has said that, as leader of Saudi Arabia, he assumes "full responsibility" for Khashoggi's death, but denies personal responsibility.)
How the attack worked
When studying Bezos' iPhone, forensic experts seemed to find nothing wrong with the video itself, according to the UN assessment. But the rest of the message included some additional indecipherable code. Under normal circumstances, this additional code is harmless: it helps WhatsApp transmit messages to and from its users. But because WhatsApp encodes its messages, using a technology called encryption, researchers could not tell whether, this time, the code also contained malicious software written by hackers.
Encrypted software, and what it could hide, is emerging as a focal point for data and national security experts who say more research is still needed. On Wednesday, experts at Citizen Lab, a research group based at the University of Toronto, offered a possible solution to decipher the additional software so it can be studied.
Should I worry about being hacked like Bezos?
Carrying out an attack such as the one presented in the report takes a sophisticated actor and significant resources, cybersecurity experts say, so using intrusion tools on most ordinary people would be a waste.
Market prices for cell phone exploits can vary between $50,000 and $150,000, said James Lewis, senior vice president and cybersecurity expert at the Center for Strategic and International Studies.
But powerful business executives and senior government officials have good reasons to be worried, Lewis added.
"If you're a billionaire who owns a newspaper, yes, they'll go after you," Lewis said. "If you are a human rights activist, if you are a politician, if you are a senior official, you are a good target."
That list could also include Trump administration officials such as Jared Kushner, who, like Bezos, has contacted the Saudi crown prince on WhatsApp. White House lawyers have determined that staff are allowed to use WhatsApp as long as they do not share classified information and keep records of their conversations. Kushner knows those rules and complies with them, a US government official previously told CNN. The National Security Council declined to comment Wednesday when asked about Kushner's conversations on WhatsApp with the crown prince and any concerns about them.
Attacks like the one alleged in the report are part of a worrying trend, said Senator Ron Wyden, an Oregon Democrat, in a letter sent to Bezos on Wednesday and obtained by CNN. Wyden cited several examples of hacking software purchases by the Saudi government from several suppliers. Wyden asked Bezos to provide as much information as possible about the investigation.
"I am particularly interested in the technical details," Wyden wrote, "that could help the US government, businesses and independent investigators discover who else they could have attacked and take measures to protect themselves."
Even if I am not a target, is there a risk in using WhatsApp?
Not necessarily, but it is difficult to know after this attack.
WhatsApp, owned by Facebook, has faced security issues before.
Last year, WhatsApp sued the Israeli technology company NSO Group, claiming that the company's surveillance software abused WhatsApp's video calling functions to spy on activists and journalists. WhatsApp called it a form of "cyber attack" and closed off the software's ability to keep monitoring users. The NSO Group at that time denied the espionage accusations and promised to "vigorously fight" the lawsuit, which is still pending before a federal court in California.
The NSO Group returned to the news this week when its software was identified as the "most likely" cause for data to be transferred from Bezos' phone, according to the UN researchers' evaluation of the FTI Consulting report.
In a statement to CNN on Wednesday, the NSO Group denied any involvement in the hacking of Bezos's phone and threatened to take legal action against those who claimed otherwise.
"Our technology was not used in this case," the statement said. "We know this because of how our software works and our technology cannot be used on US phone numbers. Our products are only used to investigate terrorism and serious crimes. Any suggestion that NSO is involved is defamatory and the company will take legal advice to address this situation."
Then, in November, WhatsApp released another update, addressing a vulnerability that sounds similar to the attack that is said to have compromised Bezos's phone. That flaw allowed attackers to compromise a WhatsApp user by sending them a "specially designed MP4 file." At the moment, it is not clear if Bezos was a victim of this vulnerability or a different one. WhatsApp declined to comment.
In any case, experts say, stealing as much data as the investigation says was taken from Bezos's phone would probably require exploiting multiple vulnerabilities that affect a variety of systems on a phone, not just a WhatsApp vulnerability.
"Typically, an application-specific vulnerability would probably give the attacker the ability to execute commands or access files within the target application," said Ashkan Soltani, an information security expert and former chief technologist at the Federal Trade Commission. "However, sophisticated attackers often combine the attack with other exploits ... to access files outside the limited WhatsApp environment."
What can I do to protect myself?
If you are a WhatsApp user, make sure your application is up to date.
- Zachary Cohen, Alex Marquardt and Nick Paton Walsh contributed to this report.