In January 2020, the British daily newspaper The Guardian reported that Amazon CEO Jeff Bezos’ iPhone could have been hacked by the Saudi Arabian crown prince. Following this, the contents of an investigation report on the hacking of Bezos’ iPhone by the Saudi Crown Prince were reported.
The suspicion that Bezos’ iPhone had been hacked emerged from an investigation into his affair scandal reported in 2019. According to reports based on anonymous information, a large amount of data was stolen from Bezos’ iPhone by means of a malicious file sent to Bezos by Saudi Arabian Crown Prince Mohammed bin Salman.
Prince Bin Salman is the chairman of the sovereign wealth fund that focuses on SoftBank Vision Fund, and is suspected of being related to the assassination of journalist Jamal Khashoggi in 2018. The report obtained by foreign media was produced by FTI Consulting, an American business advisory company. According to the report, a dedicated laboratory was set up to investigate Bezos’ iPhone. To get around the encryption of the iPhone’s iTunes backups, the investigators reset the iPhone, restored it to factory defaults, and obtained unencrypted data. However, the investigators said they were unable to detect malicious code on the iPhone.
Meanwhile, it was discovered that on May 1, 2018, a file that appeared to be a promotional video in Arabic was sent from the Crown Prince to Bezos through the messenger app WhatsApp. The video file, whose thumbnail shows images representing Saudi Arabia and Sweden, was transmitted via a downloader encrypted with the end-to-end encryption provided by WhatsApp, and it is said that it was not possible to confirm whether the video file itself contained malicious code.
The reason the investigators decided that the video or downloader was suspicious was that large amounts of data started being transferred from Bezos’ iPhone shortly after the downloader was launched. According to the report, Bezos’ iPhone sent an average of 430 KB of data per day before WhatsApp’s encrypted downloader was run. However, a few hours after the video file was downloaded from WhatsApp, the amount of data transferred jumped to 126MB.
The report noted that the device’s output immediately increased by 29,000% after the encrypted downloader sent from Prince Bin Salman was run. The amount of data transferred from the iPhone remained high over the next few months, averaging 101MB of data per day.
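The comparison the report describes, a quiet daily baseline followed by a jump and then a sustained plateau, can be checked mechanically over per-day egress totals. The Python below is an added example, not code from the FTI report or from this article; the daily totals are constructed to match the figures quoted above (decimal KB/MB assumed), and the function name and thresholds are hypothetical.

```python
from statistics import median

KB, MB = 1_000, 1_000_000  # assumption: decimal units

# Constructed daily egress totals (bytes): ten quiet days near the reported
# 430 KB/day, the reported 126 MB day, then five days averaging 101 MB/day.
SAMPLE_DAILY_BYTES = (
    [n * KB for n in (410, 455, 430, 390, 470, 430, 445, 420, 430, 440)]
    + [126 * MB]
    + [n * MB for n in (98, 105, 101, 99, 102)]
)


def detect_egress_shift(daily_bytes, warmup=7, ratio=10.0, sustain_days=3):
    """Flag days whose egress exceeds `ratio` times the median of prior normal days.

    Flagged days are never added to the baseline, so months of elevated
    traffic cannot quietly become the new "normal".
    """
    clean = []            # days accepted as normal; the baseline is their median
    flagged = []          # (day_index, bytes_sent, percent_increase_over_baseline)
    run = 0               # length of the current streak of flagged days
    sustained_from = None
    for day, sent in enumerate(daily_bytes):
        if len(clean) < warmup:           # learn the baseline first
            clean.append(sent)
            continue
        base = median(clean)
        if sent > ratio * base:
            flagged.append((day, sent, round((sent - base) / base * 100)))
            run += 1
            if run == sustain_days and sustained_from is None:
                sustained_from = day - sustain_days + 1
        else:
            clean.append(sent)
            run = 0
    return {
        "baseline": median(clean),
        "flagged": flagged,
        "sustained_from": sustained_from,
    }


if __name__ == "__main__":
    result = detect_egress_shift(SAMPLE_DAILY_BYTES)
    print("baseline bytes/day:", result["baseline"])
    for day, sent, pct in result["flagged"]:
        print(f"day {day}: {sent / MB:.0f} MB sent, +{pct}% over baseline")
    print("sustained shift starts on day:", result["sustained_from"])
```

A volume shift like this shows that something changed on the device at that point; as the report itself concedes, it does not identify what was running or what was sent.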
Based on the combined results of large-scale investigations, including that of the iPhone, the investigators believe that Bezos’ iPhone was hacked through a tool procured by Saud al-Qahtani, a friend of Prince Bin Salman and a media consultant. Al-Qahtani, like Prince Bin Salman, is known to have been involved in the assassination of Khashoggi, and is also the chairman of SAFCSP, a Saudi Arabian state agency in charge of cybersecurity and programming.
There are reports in foreign media suggesting that the hacking tool was developed by the Israeli technology company NSO Group, which would make it the source of the tool, but the report does not say that an NSO Group tool was used. The report merely points out that advanced spyware, such as NSO Group’s Pegasus or Hacking Team’s Galileo, can hook into legitimate applications or processes on the device to avoid discovery, obfuscate its activity, and eventually intercept or exfiltrate data.
In addition to the large amount of data being sent from Bezos’ iPhone, it is said that a message sent to Bezos by Prince Bin Salman was also suspicious. The woman shown in the picture sent by the Crown Prince to Bezos on November 8, 2018 resembles Lauren Sánchez, who had a close relationship with Bezos. However, at the time this photo was sent, the relationship between Bezos and Sánchez had not been disclosed, and it is strange that the Crown Prince sent this photo to Bezos.
This investigation did not analyze all the data contained in Bezos’ iPhone, and did not examine the entire file system. Lastly, the report pointed out that Bezos’ iPhone needs to be jailbroken so that the root file system can be analyzed, and admits that there is a possibility that malicious code could be found in unexamined files.