Here Is the Technical Report Suggesting Saudi Arabia's Prince Hacked Jeff Bezos's Phone (vice.com) 63

A report investigating the potential hack of Jeff Bezos' iPhone indicates that forensic investigators found a suspicious file but no evidence of any malware on the phone. Motherboard: It also says that investigators had to reset Bezos's iTunes backup password because investigators didn't have it to access the backup of his phone. The latter suggests that Bezos may have forgotten his password. The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that "appears to be an Arabic language promotional film about telecommunications." That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented "study of the code delivered along with the video." Investigators determined the video or downloader were suspicious only because Bezos' phone subsequently began transmitting large amounts of data. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states.

"The amount of data being transmitted out of Bezos' phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS' account, egress on the device immediately jumped by approximately 29,000 percent," it notes. "Forensic artifacts show that in the six (6) months prior to receiving the WhatsApp video, Bezos' phone had an average of 430KB of egress per day, fairly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to 126MB. The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data." The digital forensic results, combined with a larger investigation, interviews, research, and expert intelligence information, led the investigators "to assess Bezos' phone was compromised via tools procured by Saud al Qahtani," the report states.
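The baseline comparison quoted above, as an added example that is not taken from the report or from Motherboard: it builds a robust pre-event baseline from daily egress totals, flags days above it, and separates a sustained shift from a one-off spike. The daily series is constructed to match the quoted averages, and decimal KB/MB units and the function names are assumptions.

```python
from datetime import date, timedelta
from statistics import mean, median

KB, MB = 1_000, 1_000_000  # decimal units: an assumption, the report does not say

def constructed_series(event_day, sustained=True):
    """Constructed daily egress totals in bytes, shaped like the quoted figures."""
    s = {}
    for i in range(1, 181):   # six months before: 400/460 KB alternating, mean 430 KB
        s[event_day - timedelta(days=i)] = (400 if i % 2 else 460) * KB
    s[event_day] = 126 * MB   # day the file arrived
    for i in range(1, 91):    # afterwards: stays high, or drops back (control case)
        high = (80 if i % 2 else 122) * MB
        s[event_day + timedelta(days=i)] = high if sustained else 430 * KB
    return s

def analyze_egress(series, event_day, factor=10, mad_k=20):
    """Compare post-event egress to a robust pre-event baseline."""
    days = sorted(series)
    before = [series[d] for d in days if d < event_day]
    after = [series[d] for d in days if d > event_day]
    base_mean, base_med = mean(before), median(before)
    mad = median([abs(v - base_med) for v in before]) or 1
    # A day is anomalous if it clears both a multiple of the median and a MAD band.
    threshold = max(base_med * factor, base_med + mad_k * mad)
    anomalous = [d for d in days if d >= event_day and series[d] > threshold]
    return {
        "baseline_mean": base_mean,
        "threshold": threshold,
        "first_anomalous_day": anomalous[0] if anomalous else None,
        "event_day_pct_increase": round((series[event_day] - base_mean) / base_mean * 100),
        "post_event_mean": mean(after),
        # True if any later day falls back under the threshold
        "returned_to_baseline": any(v <= threshold for v in after),
    }

if __name__ == "__main__":
    day = date(2018, 5, 1)  # date the summary gives for the video file
    for label, flag in (("sustained", True), ("one-off spike", False)):
        print(label, analyze_egress(constructed_series(day, flag), day))
```

With decimal units, 430KB to 126MB works out to roughly 29,200 percent, in line with the "approximately 29,000 percent" quoted. Volume alone says nothing about where the traffic went, which is the gap several commenters below point at.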

  • by giampy ( 592646 ) on Wednesday January 22, 2020 @12:45PM (#59644636) Homepage

    Not using an Amazon Fire Phone, he should have given the example, haha :)

    • Not using an Amazon Fire Phone, he should have given the example, haha :)

      See, now here's the funny part. The Fire Phone was 3D-equipped and Bezos never really understood that no one wanted a phone with his 3D dickpics as the default theme. Dark Mode or Not.

    • Does it mean he allowed untrusted apk sources and then OKed some obscure video app? If yes, he was rightfully p0wn3d.
  • His password was... 1... 2... 3... 4... 5. Probably the same as the lock on his luggage.
  • by Anonymous Coward

    Seriously y'all... this traitor has got to go.

    The Senate may be covering up evidence of Trump's treasonous, anti-American activities like a Slashdot editor, but the evidence is all around us.

    Open your eyes, see the truth, and do your job.. In other words vote. Don't just whine like a Bernie Bro..

    Fucking Vote!

  • I guess we won't hear all those "he should have gotten an iPhone for security" comments. Already have seen that sort of comment on other articles like this.

  • Isn't the whole point of iPhone's "walled garden" to make sure that this exact type of scenario can't happen?
    • Not if your applications are hacked. Best part of this - the hack was out for over a year before whatsapp patched it.

      https://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-bug-messages-hack-android-update-ios-mp4-video-a9206901.html
    • Re:An iPhone? (Score:5, Informative)

      by JaredOfEuropa ( 526365 ) on Wednesday January 22, 2020 @01:08PM (#59644718) Journal
      It doesn’t prevent it, but it makes it less likely and also mitigates the effects somewhat. From the article, it sounds like the phone itself wasn’t compromised (at least they didn’t find anything). The app would have been infected, and that would give it access only to the data that the app normally has access to, plus whatever unpatched holes in iOS it can access. Unfortunately in case of WhatsApp, it can access quite a bit: contacts, photos, camera, possibly location data, etc.
    • Re: (Score:2, Informative)

      by Bradac_55 ( 729235 )

      Really ? I know /. isn't a quarter of what it used to be but it's still a tech blog you should know better.

      He installed WhatsApp which should be classified as malware but isn't because .. Facebook.

  • by melted ( 227442 ) on Wednesday January 22, 2020 @01:12PM (#59644728) Homepage

    They weren't able to actually find any malware, and their conclusion hinges on increased traffic, which they don't even know where it went. iOS processes can't access each other's data. It's encrypted using separate keys per app, which you can't even access (they're in the secure enclave). So the only thing this "attack" (which I'm calling bullshit on) could have accessed would be WhatsApp. And they also don't explain how it gained persistence, which to me is an indicator that they don't know. I think Bezos wanted some exculpatory document which would blame someone other than Sanchez' relatives for leaking his dick pics. He probably paid a stupid amount for it, but his own security people would tell him unequivocally that this is horseshit.

    • by Altus ( 1034 )

      Yes, you are correct, but of course for WhatsApp to do its thing users generally give it a lot of access including photos and contacts... and it's had this vulnerability for quite some time. Just because your phone has this kind of security doesn't mean your apps themselves are secure.

    • Comment removed based on user account deletion
      • They probably used a 0-day exploit to steal a session key for his logged in phone, they remotely enable some cloud sync feature which triggers his phone to start syncing stuff to a cloud account, then exfiltrate from the cloud account.

        Assuming it was iCloud, that probably would have enabled stuff from lots of apps to get synced... but it also seems like Apple would have evidence of what happened and would have been able to discover it in their investigation.

    • So they found an encrypted file and claim that data use increased after that. This seems a bit more reasonable in terms of pointing to malware, though it's more of a guess than a conclusion, but the problem is that there's nothing linking it to MbS as far as I can see. They blame some other Saudi, but don't say why, and it's quite confusing given how quick and certain they are with the attribution when they admit that they can't analyze the file. I'm sorry, but making your super secret hacking app fly th

      • If he had a clue he wouldn't have wanted the iPhone X either. Convenience bites you in the backside. I text plenty of indiscreet things to my wife, but I am not a major blackmail target

      • At least there was more actual evidence linking MbS to murdering that WaPo contributor/arms dealer/terrorist.

        WTF are you talking about?

    • Don't be stupid. It's NSO software:

      https://www.telegraph.co.uk/te... [telegraph.co.uk]

      It is accused of allowing its tool to be used to target activists and create a virus able to infiltrate WhatsApp, a messaging app used by 1.5 billion people. That spyware gives hackers full access to a target's phone, including their camera and microphone.

      "The NSO are no amateurs at this and stop at nothing," says Jake Moore, a cybersecurity specialist at Slovakian security firm Eset.

      Other paywalled link:
      https://www.ny [nytimes.com]

    • Yes, your post does read like horseshit.

      What part of encrypted downloader is unclear?
      What part of encrypted downloader is not SOP for malware?

      • This is the part I'm hung up on, too. TFS clearly states that there was no evidence of malware, then goes on to describe what is clearly malware, though perhaps not the entire payload - it may have simply deleted some of its tracks after the initial infection was complete.

        So, what we have left is a traffic log showing a mass export of data with no other possible cause, and a suspiciously encrypted downloader that is the only thing left on the system that could have been responsible. But since it is encry

        • by melted ( 227442 )

          It's not even "mass export of data", since the destination is not known. For all we know maybe Bezos was sending a bunch of dick pics to Sanchez at the time. Unless they have proof positive that this was done by malicious code (which they do not), this is all just a fancy way of saying "thank you very much" for a couple million dollars Bezos paid for this "investigation" and "Gavin DeBecker".

    • Sure they did. WhatsApp is the elephant in the room.

    • iOS processes can't access each other's data.

      I agree with you that this is fishy, but some of your arguments are probably wrong.

      Unless the attacker exploited a kernel vulnerability. Or maybe even just a userspace vuln that enabled root-level access.

      It's encrypted using separate keys per app, which you can't even access (they're in the secure enclave).

      Even assuming the encryption keys never leave the secure enclave (which is questionable for app data encryption keys, since there would be a big performance hit for jumping in and out of the secure enclave every time the app needed to decrypt its data; but let's assume the most-secure, least-performant cas

  • by shanen ( 462549 ) on Wednesday January 22, 2020 @01:42PM (#59644828) Homepage Journal

    On every aspect of this story I feel more torn than the gored ox. The "laugh or cry" angle is one way to put it...

    Should I laugh because Bezos has made a gigantic fortune by abusing other people's personal information and now HIS personal information is being abused?

    Or should I cry because of the resulting EVIL? Your mileage may differ, but I think MBS is an evil murderer and he is going to continue doing bad things, possibly even using the personal information of Bezos himself to force or manipulate Bezos into supporting more EVIL.

    In solution terms, I stopped using Amazon many years ago, even before Amazon started distorting the economy in bad ways. Personal problem, eh? I just think my freedom is more valuable than cheaper prices.

    Maybe the biggest joke is the relationship between freedom and truth. It seems (to me) as though most people just don't get it.

    Hmm... Can I fit the extreme example into the Amazon scenario? Consider omniscience...

    What Jeff Bezos wants (as the personification of Amazon) is a special form of omniscience as regards your shopping. He wants to know everything about you as it pertains to your shopping preferences. Whatever you want to buy, he wants you to buy it from him. The joke is that perfect knowledge eliminates freedom. At that point you would have no choice in where to buy it from and Bezos would have no choice but to sell it to you.

    (The peculiar joke goes all the way up just like the turtles go all the way down. If any omniscient gawd has any consistent principles, then that gawd would have no freedom, but would always have to act in accord with maximizing the values related to those principles. An omniscient being would know the best "option" at every decision point. A known future has no room for freedom in it. We are only free because of our imperfect knowledge, but (per my sig) I would argue that we still gain more freedom by learning more about our choices.)

  • That file shows an image of the Saudi Arabian flag and Swedish flags

    So if the file had been in a different language and contained different flags: say those of South Africa and Brazil, would those countries be accused of hacking the phone instead?

    While it does appear that the phone was hacked by someone the "evidence" pointing to one place or another seems rather simplistic. I doubt that even being able to trace the first hop or two of where all that data went wouldn't actually get an analyst much closer to the perpetrators.

    • by Altus ( 1034 )

      The reason the prince is suspected of hacking the phone has nothing to do with the contents of the video and everything to do with the fact that he sent the god damed file.

      • he sent the god damed file.

        Riiiiiight. Someone would send an american who speaks no other languages a video in Arabic. Makes complete sense, doesn't it?

    • It is plausible that the Saudi prince was the target and forwarded it, or it forwarded itself. After all it not like that has never happened before and he doesn't strike me as likely to be very IT literate.

  • Are billionaires like regular people and use something like “TheBezoKnees”, “SaudiOilMan”, “ThePrinceofOil”, “FreewithPrime” or “ThePrimeDirector”?

  • by Solandri ( 704621 ) on Wednesday January 22, 2020 @04:14PM (#59645388)
    It sounds like they should be telling MBS that his phone is likely hacked too, not assuming he's the perpetrator of the hack. Back in the day, the way email viruses commonly spread was by sending a copy of themselves to everyone in the contact list of the infected person's computer. Nowadays with constant network connectivity and modern remote access tools, a malware author can pick and choose whom to spread the virus to rather than blindly spamming everyone in the contact list. If the malware author accessed MBS' phone and saw Bezos as a contact, that would seem like a juicy next target.
  • Bezos, what a dunce.

  • ... if only they had a backdoor into his phone and stuff.
