Saudi Hack of Bezos' Phone Shines Bright Light on Security Challenges
February 7, 2020
A digital forensic analysis conducted by Anthony Ferrante of business advisory firm FTI Consulting concludes with "medium to high confidence" that Amazon CEO Jeff Bezos' smartphone was hacked through a malicious file sent from the WhatsApp account of Saudi Arabian crown prince Mohammed bin Salman. The malware was in an MP4 file attached to a WhatsApp message.
FTI Consulting forwarded its findings to United Nations special rapporteurs who released technical elements of the report. Rapporteurs investigate the promotion and protection of freedom of opinion and expression, among other things.
FTI Consulting declined our request to comment for our story, stating that all client work is confidential. Saudi Arabia's embassy in the United States has denied the allegations.
FTI likely qualified its conclusion because "computer forensics isn't always an exact science, and the experts might be limited by the data and evidence they have in hand," said Tim Erlin, VP of product management and strategy at Tripwire. "There may also be unanswered questions or alternatives to consider," he told TechNewsWorld.
FTI's conclusion "suggests they have a sequence of events that makes it likely that the video attachment carried malware, but they either didn't prove causality or can't be sure the crown prince created the hack as opposed to his just forwarding a compromised email," suggested Rob Enderle, principal analyst at the Enderle Group. "It rarely gets stronger than this unless the alleged perpetrator confesses, or the intelligence organization gets access to the entire chain of evidence," he told TechNewsWorld.
The malware "appears to have had a self-destruct built in, making it impossible to have 100 percent concrete proof," noted Liz Miller, principal analyst at Constellation Research. FTI's investigators "did not find even remnants of the malware code on the device, but did find a file with an encrypted downloader that had been delivered with the video," she told TechNewsWorld.
WhatsApp, which hosted the downloader, has end-to-end encryption, which prevents investigators from accessing the downloader's contents or code, Miller pointed out.
initiated a WhatsApp messaging conversation with Bezos on April 28, 2018, after they met at a dinner in Hollywood. On May 1 Bezos received a message with a video attachment from the prince's WhatsApp account.
Within hours, the volume of data transmitted from Bezos' phone skyrocketed by 30,000 percent, FTI found. Data spiking continued over several months, at a rate as much as 106 million percent higher than before the video was received.
"How did it take months for this to be noticed?" wondered Constellation's Miller.
FTI found that on two later occasions the prince sent messages to Bezos that suggested he had knowledge of his private communications:
The UN special rapporteurs have linked the...