Amazon CEO Jeff Bezos had his phone hacked for months and gigabytes of his private data stolen, according to forensic analysis.
According to a new report from the New York Times, a new investigation suggests that the hacking of Bezos’s phone stems from a WhatsApp account linked to Saudi Arabia’s Crown Prince Mohammed bin Salman and one seemingly innocuous video file. More details are now available in the NYT report.
Bezos was hacked in May 2018 after receiving a WhatsApp message from Saudi Crown Prince Mohammed bin Salman, according to a forensic analysis conducted by a team hired by Bezos and reviewed by UN investigators.
A source close to the UN team said UN investigators did not have direct physical access to Bezos’s phone but that they extensively vetted the research done by FTI Consulting, the independent cybersecurity experts hired by Bezos.
According to the experts’ findings, the suspicious message contained a video file. Soon after the video was delivered, the device transferred hundreds of megabytes of data off of the phone, apparently without Bezos’s knowledge.
“This reported surveillance of Mr. Bezos, allegedly through software developed and marketed by a private company and transferred to a government without judicial control of its use, is, if true, a concrete example of the harms that result from the unconstrained marketing, sale, and use of spyware,” United Nations special rapporteurs David Kaye and Agnes Callamard said in a statement.
Saudi officials have consistently denied being involved in the hack. “Saudi Arabia does not conduct illicit activities of this nature, nor does it condone them,” a spokesperson has said. They called for evidence to back up the claim so the country can prove it wasn’t responsible.
The analysis found that Bezos’ phone was likely hacked using a notorious tool named Pegasus created by the NSO Group, a secretive firm from Israel that bills itself as a leader in cyberwarfare.
The spyware has been sold to governments and law enforcement agencies worldwide and it’s claimed the technology can exploit vulnerabilities in devices and allow data to be collected. NSO is facing multiple lawsuits around the world. In a statement, the company said its technology was “not used in this instance.”
The alleged hack shows that security online is never guaranteed, even on this very popular Facebook-owned encrypted messaging app. And that’s something to keep in mind even if you aren’t a billionaire.