Here Is the Technical Report Suggesting Saudi Arabia's Prince Hacked Jeff Bezos's Phone (vice.com) 63
A report investigating the potential hack of Jeff Bezos' iPhone indicates that forensic investigators found a suspicious file but no evidence of any malware on the phone. Motherboard: It also says that investigators had to reset Bezos's iTunes backup password because investigators didn't have it to access the backup of his phone. The latter suggests that Bezos may have forgotten his password. The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that "appears to be an Arabic language promotional film about telecommunications." That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented "study of the code delivered along with the video." Investigators determined the video or downloader were suspicious only because Bezos' phone subsequently began transmitting large amounts of data. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states.
"The amount of data being transmitted out of Bezos' phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS' account, egress on the device immediately jumped by approximately 29,000 percent," it notes. "Forensic artifacts show that in the six (6) months prior to receiving the WhatsApp video, Bezos' phone had an average of 430KB of egress per day, fairly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to 126MB. The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data." The digital forensic results, combined with a larger investigation, interviews, research, and expert intelligence information, led the investigators "to assess Bezos' phone was compromised via tools procured by Saud al Qahtani," the report states.
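The egress reasoning in the summary (a six-month per-day average, a jump on the day the file arrived, and a sustained elevated average afterwards that never comes back down) is a simple baseline comparison over daily byte counts. The script below is an added example written for this page; it is not code from the report, from Motherboard, or from the investigators, and the per-day figures it builds are constructed to reproduce the numbers quoted above (about 430KB/day, a 126MB day, then about 101MB/day) rather than taken from any device. The ten-times-baseline flagging rule is this example's own assumption, not the report's. Note what such a check does and does not show: it confirms the size of the change, but says nothing about where the bytes went or which process sent them, which is the gap several of the comments below point at.

```python
"""Daily-egress baseline check modelled on the report summary.

Added example for this page, not code from the report or its authors.
The per-day byte counts are CONSTRUCTED to reproduce the figures quoted
in the summary (about 430 KB/day for six months, a 126 MB day, then about
101 MB/day for months), not recovered from any device.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from statistics import mean


@dataclass(frozen=True)
class DailyEgress:
    day: date
    bytes_out: int  # total bytes sent by the device that day, all interfaces


def build_sample(event_day: date, baseline_days: int = 180, after_days: int = 90) -> list[DailyEgress]:
    """Constructed data: a quiet baseline, a spike on event_day, elevated egress afterwards."""
    rows = []
    for i in range(baseline_days, 0, -1):  # the six months before the file arrived
        wobble = (i % 3 - 1) * 10_000       # +/- 10 KB; sums to zero over a multiple of 3 days
        rows.append(DailyEgress(event_day - timedelta(days=i), 430_000 + wobble))
    rows.append(DailyEgress(event_day, 126_000_000))  # the day the WhatsApp video landed
    for i in range(1, after_days + 1):
        # 90 MB most days with a 200 MB spike every tenth day: mean is exactly 101 MB/day
        rows.append(DailyEgress(event_day + timedelta(days=i),
                                200_000_000 if i % 10 == 0 else 90_000_000))
    return rows


def egress_baseline_report(rows: list[DailyEgress], event_day: date,
                           baseline_days: int = 180, spike_factor: int = 10) -> dict:
    """Compare egress before and after event_day.

    spike_factor is this example's assumption: a day is flagged when it sends
    more than spike_factor times the pre-event daily average.
    """
    window_start = event_day - timedelta(days=baseline_days)
    before = [r.bytes_out for r in rows if window_start <= r.day < event_day]
    after = [r.bytes_out for r in rows if r.day > event_day]
    on_day = [r.bytes_out for r in rows if r.day == event_day]
    if not before or not on_day:
        raise ValueError("need a baseline window and a record for the event day")
    baseline = mean(before)
    threshold = spike_factor * baseline
    after_mean = mean(after) if after else 0
    return {
        "baseline_bytes_per_day": baseline,
        "event_day_bytes": on_day[0],
        "event_day_pct_increase": (on_day[0] - baseline) / baseline * 100,
        "after_mean_bytes_per_day": after_mean,
        "returned_to_baseline": bool(after) and after_mean <= threshold,
        "flagged_days": [r.day for r in rows if r.day >= event_day and r.bytes_out > threshold],
    }


def demo_report() -> dict:
    """Run the check over the constructed sample, using 1 May 2018 as the event day."""
    event = date(2018, 5, 1)
    return egress_baseline_report(build_sample(event), event)


if __name__ == "__main__":
    report = demo_report()
    print(f"baseline:  {report['baseline_bytes_per_day'] / 1e3:.0f} KB/day")
    print(f"event day: {report['event_day_bytes'] / 1e6:.0f} MB "
          f"(+{report['event_day_pct_increase']:,.0f}%)")
    print(f"after:     {report['after_mean_bytes_per_day'] / 1e6:.0f} MB/day, "
          f"returned to baseline: {report['returned_to_baseline']}")
    print(f"flagged days: {len(report['flagged_days'])}")
```

On the constructed data the event-day increase comes out at roughly 29,200 percent, which is how a 430KB baseline and a 126MB day produce the "approximately 29,000 percent" figure in the summary. In a real examination the daily totals would come from whatever per-interface or per-process usage artifacts the examiner's tooling recovers from the device, and a baseline window that itself contains a compromise would make the comparison meaningless, so the quiet period has to be checked, not assumed.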
Fire Phone ? (Score:3)
Not using an Amazon Fire Phone, he should have given the example, haha :)
Re: (Score:2)
Not using an Amazon Fire Phone, he should have given the example, haha :)
See, now here's the funny part. The Fire Phone was 3D-equipped and Bezos never really understood that no one wanted a phone with his 3D dickpics as the default theme. Dark Mode or Not.
Re: Fire Phone ? (Score:2)
Spaceballers... (Score:1)
Bribe Trump, Kill Journalist, Hack Phone (Score:1, Insightful)
Seriously y'all... this traitor has got to go.
The Senate may be covering up evidence of Trump's treasonous, anti-American activities like a Slashdot editor, but the evidence is all around us.
Open your eyes, see the truth, and do your job. In other words, vote. Don't just whine like a Bernie Bro.
Fucking Vote!
Re: (Score:2, Troll)
After the trials, they are more properly called "Witch convictions." And there have been dozens of criminals ousted from Trump's administration: https://time.com/5556331/muell... [time.com]
The rule of law is paramount, and defending it is the duty of all true patriots. Don't fool yourself into thinking the country agrees with or supports the criminal currently residing in the White House. The polls are clear, and don't paint a pretty picture for Trump's re-election prospects.
Re: (Score:2)
Tell that to the liars at the GOP, fuckwit.
Re: (Score:1, Flamebait)
> patriots.
Nothing says patriot like conspiring to remove a president days after he is sworn in [realcleari...ations.com].
Is this part of the insurance policy talked about by FBI agents investigating Trump? Or is this a Hail Mary plan B where the evidence is overwhelming and indisputable that need be rushed for 2020 but need the Senate to do the job of the House and the House will sit on their hands for a month? All the while invading the privacy of journalists and other members of congress to poison the well and putting lies in the
Re: (Score:2)
But repeating lies does make them true? That's sure what Trump seems to think. https://www.washingtonpost.com... [washingtonpost.com]
Re: Bribe Trump, Kill Journalist, Hack Phone (Score:2)
After the trials, they are more properly called "Witch convictions."
Yes, many witches were convicted as a result of the witch trials, and usually sentenced to death.
Re: (Score:2)
Are you saying that our justice system failed and that the convicts are not guilty? Say it more clearly, for the record. Say you think that the party that is not in power, and has never had control over our national criminal justice system, has somehow perverted justice on a grand scale. Don't beat around the bush. Fucking say it.
Re: Bribe Trump, Kill Journalist, Hack Phone (Score:2)
No, I'm saying that you're a dumbass for thinking that "witch convictions" is somehow better than a witch trial.
Re: (Score:1)
Well, that can happen, because by design, the Electoral College is there to help keep smaller states (which do have equal rights) have a say in how the president is elected. If we did away with that, then basically 2-3 states would rule the US and that isn't fair....Wyoming and RI are 100% equal states to NY and CA.
Well, as we saw last presidential elec
Re: (Score:1)
Can't you just cite for us the narrow historical interpretation that you're regurgitating into the discussion? Why should we all have to dig through your favorite revisionist history websites?
Not an Android. (Score:2)
I guess we won't hear all those "he should have gotten an iPhone for security" comments. Already have seen that sort of comment on other articles like this.
Re:Not an Android. (Score:4, Informative)
Re: (Score:2)
A bit odd that he doesn't use one of his own companies' phones though....
Re: (Score:2)
Bezos got mega punished for being stupid enough to use an Apple product. Riddle me this: what kind of phone does Bezos carry today?
Re: (Score:2)
An iPhone? (Score:2)
Re: (Score:2)
https://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-bug-messages-hack-android-update-ios-mp4-video-a9206901.html
Re:An iPhone? (Score:5, Informative)
Re: (Score:2, Informative)
Really? I know /. isn't a quarter of what it used to be but it's still a tech blog; you should know better.
He installed WhatsApp which should be classified as malware but isn't because .. Facebook.
Reads like horseshit (Score:5, Insightful)
They weren't able to actually find any malware, and their conclusion hinges on increased traffic, which they don't even know where it went. iOS processes can't access each other's data. It's encrypted using separate keys per app, which you can't even access (they're in the secure enclave). So the only thing this "attack" (which I'm calling bullshit on) could have accessed would be WhatsApp. And they also don't explain how it gained persistence, which to me is an indicator that they don't know. I think Bezos wanted some exculpatory document which would blame someone other than Sanchez' relatives for leaking his dick pics. He probably paid a stupid amount for it, but his own security people would tell him unequivocally that this is horseshit.
Re: (Score:3)
Yes, you are correct, but of course for WhatsApp to do its thing users generally give it a lot of access including photos and contacts... and it's had this vulnerability for quite some time. Just because your phone has this kind of security doesn't mean your apps themselves are secure.
Re: (Score:3)
Re: (Score:2)
They probably used a 0-day exploit to steal a session key for his logged in phone, they remotely enable some cloud sync feature which triggers his phone to start syncing stuff to a cloud account, then exfiltrate from the cloud account.
Assuming it was iCloud, that probably would have enabled stuff from lots of apps to get synced... but it also seems like Apple would have evidence of what happened and would have been able to discover it in their investigation.
Smells like it too... (Score:3)
So they found an encrypted file and claim that data use increased after that. This seems a bit more reasonable in terms of pointing to malware, though it's more of a guess than a conclusion, but the problem is that there's nothing linking it to MbS as far as I can see. They blame some other Saudi, but don't say why, and it's quite confusing given how quick and certain they are with the attribution when they admit that they can't analyze the file. I'm sorry, but making your super secret hacking app fly th
Re: Smells like it too... (Score:1)
If he had a clue he wouldn't have wanted the iPhone X either. Convenience bites you in the backside. I text plenty of indiscreet things to my wife, but I am not a major blackmail target
Re: (Score:2)
At least there was more actual evidence linking MbS to murdering that WaPo contributor/arms dealer/terrorist.
WTF are you talking about?
Re: (Score:1)
Don't be stupid. It's NSO software:
https://www.telegraph.co.uk/te... [telegraph.co.uk]
It is accused of allowing its tool to be used to target activists and create a virus able to infiltrate WhatsApp, a messaging app used by 1.5 billion people. That spyware gives hackers full access to a target's phone, including their camera and microphone.
"The NSO are no amateurs at this and stop at nothing," says Jake Moore, a cybersecurity specialist at Slovakian security firm Eset.
Other paywalled link:
https://www.ny [nytimes.com]
Re: (Score:2)
Yes, your post does read like horseshit.
What part of encrypted downloader is unclear?
What part of encrypted downloader is not SOP for malware?
Re: (Score:1)
This is the part I'm hung up on, too. TFS clearly states that there was no evidence of malware, then goes on to describe what is clearly malware, though perhaps not the entire payload - it may have simply deleted some of its tracks after the initial infection was complete.
So, what we have left is a traffic log showing a mass export of data with no other possible cause, and a suspiciously encrypted downloader that is the only thing left on the system that could have been responsible. But since it is encry
Re: (Score:1)
It's not even "mass export of data", since the destination is not known. For all we know maybe Bezos was sending a bunch of dick pics to Sanchez at the time. Unless they have proof positive that this was done by malicious code (which they do not), this is all just a fancy way of saying "thank you very much" for a couple million dollars Bezos paid for this "investigation" and "Gavin DeBecker".
Re: (Score:2)
Sure they did. WhatsApp is the elephant in the room.
Re: (Score:2)
Sure they did. WhatsApp is the elephant in the room.
Wouldn't that be elephantshit then?
Re: (Score:2)
iOS processes can't access each other's data.
I agree with you that this is fishy, but some of your arguments are probably wrong.
Unless the attacker exploited a kernel vulnerability. Or maybe even just a userspace vuln that enabled root-level access.
It's encrypted using separate keys per app, which you can't even access (they're in the secure enclave).
Even assuming the encryption keys never leave the secure enclave (which is questionable for app data encryption keys, since there would be a big performance hit for jumping in and out of the secure enclave every time the app needed to decrypt its data; but lets assume the most-secure, least-performant cas
Time to laugh or cry? Whose ox got gored? (Score:3)
On every aspect of this story I feel more torn than the gored ox. The "laugh or cry" angle is one way to put it...
Should I laugh because Bezos has made a gigantic fortune by abusing other people's personal information and now HIS personal information is being abused?
Or should I cry because of the resulting EVIL? Your mileage may differ, but I think MBS is an evil murderer and he is going to continue doing bad things, possibly even using the personal information of Bezos himself to force or manipulate Bezos into supporting more EVIL.
In solution terms, I stopped using Amazon many years ago, even before Amazon started distorting the economy in bad ways. Personal problem, eh? I just think my freedom is more valuable than cheaper prices.
Maybe the biggest joke is the relationship between freedom and truth. It seems (to me) as though most people just don't get it.
Hmm... Can I fit the extreme example into the Amazon scenario? Consider omniscience...
What Jeff Bezos wants (as the personification of Amazon) is a special form of omniscience as regards your shopping. He wants to know everything about you as it pertains to your shopping preferences. Whatever you want to buy, he wants you to buy it from him. The joke is that perfect knowledge eliminates freedom. At that point you would have no choice in where to buy it from and Bezos would have no choice but to sell it to you.
(The peculiar joke goes all the way up just like the turtles go all the way down. If any omniscient gawd has any consistent principles, then that gawd would have no freedom, but would always have to act in accord with maximizing the values related to those principles. An omniscient being would know the best "option" at every decision point. A known future has no room for freedom in it. We are only free because of our imperfect knowledge, but (per my sig) I would argue that we still gain more freedom by learning more about our choices.)
False flag? (Score:2)
That file shows an image of the Saudi Arabian flag and Swedish flags
So if the file had been in a different language and contained different flags: say those of South Africa and Brazil, would those countries be accused of hacking the phone instead?
While it does appear that the phone was hacked by someone, the "evidence" pointing to one place or another seems rather simplistic. I doubt that even being able to trace the first hop or two of where all that data went would actually get an analyst much closer to the perpetrators.
Re: (Score:3)
The reason the prince is suspected of hacking the phone has nothing to do with the contents of the video and everything to do with the fact that he sent the god damned file.
Re: (Score:2)
he sent the god damned file.
Riiiiiight. Someone would send an American who speaks no other languages a video in Arabic. Makes complete sense, doesn't it?
Re: (Score:3)
It is plausible that the Saudi prince was the target and forwarded it, or it forwarded itself. After all, it's not like that has never happened before, and he doesn't strike me as likely to be very IT literate.
I’m still wondering what their WhatsApp IDs are? (Score:2)
Are billionaires like regular people and use something like “TheBezoKnees”, “SaudiOilMan”, “ThePrinceofOil”, “FreewithPrime” or “ThePrimeDirector”.
As someone who's cleaned up after email viruses (Score:4, Interesting)
Bezos iPhone??? (Score:2)
Bezos, what a dunce.
Re: Bezos iPhone??? (Score:1)
It probably seemed like a good idea. Apple was saying their phone was so secure...
Re: (Score:2)
The shithouse of saud. End diplomatic relations with them.
Not easily done.
They own the largest refinery in the US [cnn.com].
Saudi Aramco, the kingdom's state-owned oil behemoth, took 100% control of the sprawling Port Arthur refinery in Texas on Monday [published May 1, 2017: 1:53 PM ET], completing a deal that was first announced last year.
Re: (Score:1)
Re: (Score:2)
So? Let them try to take it.
They did try and they were successful.
The government could tell more ... (Score:2)
... if only they had a backdoor into his phone and stuff.