Did Saudi Arabia Hack Phone Of Amazon Boss Jeff Bezos?

Owner of the Washington Post allegedly had his phone hacked months before murder of Post journalist Jamal Khashoggi in Saudi consulate

One of the world’s richest men and the owner of Amazon, Jeff Bezos, has allegedly had his phone hacked by officials from Saudi Arabia.

Indeed, the mobile phone of Bezos was hacked in 2018, after it received a WhatsApp message that had allegedly been sent from the personal account of the crown prince of Saudi Arabia, sources told the Guardian newspaper.

But Saudi Arabia has denied that its crown prince was responsible for hacking Amazon boss Jeff Bezos’ phone, calling the allegations “absurd”.

Amazon Web Services
Amazon boss Jeff Bezos

Saudi hack?

According to the Guardian, the encrypted message from the number used by Mohammed bin Salman, is believed to have included a malicious file that infiltrated Bezos phone, according to the results of a digital forensic analysis carried out by private security firm FTI Consulting.

The newspaper said the analysis found it “highly probable” that the intrusion into the phone was triggered when an infected video file was sent from the account of the Saudi heir.

Bezos and the crown prince had reportedly been having a seemingly friendly WhatsApp exchange when, on 1 May of 2018, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.

Large amounts of data was reportedly exfiltrated from Bezos’s phone within hours, according to a person familiar with the matter.

It should be noted that Jeff Bezos owns the Washington Post, which has been critical of the Saudi regime.

In October 2018, months after Bezos phone was reportedly infected, one of the Post’s journalists (Jamal Khashoggi) was murdered in the Saudi consulate in Istanbul by agents of the Saudi government.

Khashoggi had also been a prominent critic of the Saudi government.

Others have noted noted that in early 2019 the US tabloid the National Enquirer published intimate details about Bezos’s private life – including text messages.

But the Saudi’s have hit back at the allegations.

The Saudi embassy in the United States said the stories were “absurd” and called for an investigation into them.

“Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos’ phone are absurd. We call for an investigation on these claims so that we can have all the facts out,” it said in a message posted on Twitter.

UN investigation

And this investigation could be on the way at the highest circles.

Two UN officials will report on Wednesday that there is enough evidence suggesting that Saudi Arabia had hacked Bezos’ phone, and both the kingdom and the United States should investigate, a person familiar with the matter told Reuters.

The United Nations’ officials reportedly plan a public statement to state they found credible a forensic report commissioned by Bezos’ security team, which concluded that his phone probably had been hacked with a tainted video sent from a WhatsApp account belonging to Saudi’s crown prince Mohammed bin Salman.

Outside experts consulted by the UN agreed that while the case was not airtight, the evidence was strong enough to warrant a fuller investigation.

Caution needed

Meanwhile a cybersecurity expert told Silicon UK that this attack demonstrated the need for high value individuals to be very cautious online.

“This has all the hallmarks of the Pegasus spyware, which is a very sophisticated malware. When run on a device you will likely have no idea of what has just happened,” said Jake Moore, cybersecurity specialist at ESET.

“Engineering a file to look like a photo or video that has come from a contact is the perfect way of executing the malware, so no doubt Bezos was unaware what had just occurred,” said Moore.

“This particular spyware is used on highly targeted individuals and so people of high value or wealth need to be extremely cautious of such tactics used,” said Moore. “Bezos may well have innocently clicked on the file in the message, but extreme caution should always be adhered to whenever something is received.”

“Although difficult to reduce the risk, anyone who is a possible target, including people in the media and politicians, should always be aware of the risks,” he added. “Groups such as the NSO are very capable of carrying out vulnerability checks on operating systems and are always out to exploit and weaknesses found before they are patched.”

WhatsApp sued NSO in late October 2019, alleging it was behind the cyberattack earlier that year that infected devices with advanced surveillance tools.

Do you know all about security? Try our quiz!