Thursday, January 23, 2020

Don't Be Like Jeff Bezos...


By now you’ve probably heard about the incredible hack of Jeff Bezos’s iPhone.  If you haven’t, let me give you a quick rundown of what took place...

It seems that in 2018, Jeff Bezos (the owner of Amazon and currently the world’s richest individual) met with the Crown Prince of Saudi Arabia Mohammad bin Salman bin Abdulaziz bin Abdul Rahman bin Faisal bin Turki bin Abdullah bin Mohammed bin Saud, who goes by the initials MBS.  At this meeting the two men exchanged info on how to contact each other via the encrypted chat application named WhatsApp.

WhatsApp is one of the most popular texting applications in the world due to its security.  Texts are encrypted from the moment they leave a user’s phone and can only be decrypted by the recipient’s phone.  Even the people who work at WhatsApp cannot break the encryption and read the messages.  Because of this amazingly strong encryption protocol, WhatsApp is incredibly popular, used by an estimated 1.5 billion people.

It is a well-known fact that MBS uses it and that he frequently keeps in personal contact with world leaders through text messages.  So… to Jeff Bezos, exchanging WhatsApp contact info probably seemed like a normal and even smart thing to do, giving him direct access to one of the world’s most powerful leaders.

Later in 2018, the journalist Jamal Khashoggi was murdered.  It was soon determined that Mr. Khashoggi was killed by Saudi intelligence with the direct authorization of MBS.  Mr. Khashoggi was a journalist for the Washington Post and a Saudi citizen who was extremely critical of the government of Saudi Arabia and MBS in particular.  The theory is that he was murdered to silence him and his popular criticisms of the Saudi political system.

Jeff Bezos, in addition to owning Amazon, also owns the Washington Post which, interestingly enough, is the paper where Jamal Khashoggi worked.

The plot thickens...

In May of 2018 Bezos and MBS were engaged in a seemingly friendly WhatsApp exchange when a video file was sent from the prince to Bezos.  Unbeknownst to Bezos, the video file also contained malicious instructions that allowed for remote access to the phone.

Within hours huge amounts of data were transmitted from the phone to an unknown location dictated by the malware in the video file.  Mr. Bezos was unaware of the data transfer and had no idea anything was amiss.  No one seems to know where the information was sent or how it was used.  What IS known is that the breach happened pretty much as soon as the video file arrived on the phone.  This was NOT a failure of WhatsApp.  The encryption worked just fine.  It was the video file and the malware it contained that caused the problem.

This kind of thing has been known to happen in the Middle East before.  If you are interested, type “Project Raven” into Google and see what happens.

Could Jeff Bezos have prevented this?  Maybe.  It always pays to not open things you get from others, but when it is someone you know & trust, it’s a lot harder to do that.  Also, there are security apps that will scan things, but in order for malware to be detected it needs to have been identified and added to the scanning database.  If it is something no one knows about, the chances of detection drop precipitously.

