UN report alleges that Saudi crown prince hacked Jeff Bezos’s phone – Naked Security

A forensic examination of Amazon CEO Jeff Bezos’s mobile phone has pointed to it having allegedly been infected by personal-message-exfiltrating malware – likely NSO Group’s notorious Pegasus mobile spyware – that came from Saudi Arabia’s Crown Prince Mohammed bin Salman’s personal WhatsApp account.

The United Nations backed up the allegation by releasing details of the evidence on Wednesday.

The UN’s report said that full details from the digital forensic exam of Bezos’s phone were made available to its special rapporteurs. The release of the report followed a story about the hack from The Guardian that was published earlier on Wednesday.

The report was drafted by Agnes Callamard, a UN expert on extrajudicial killings who’s been probing the murder of The Washington Post columnist Jamal Khashoggi, and by David Kaye, who’s been investigating violations of press freedom. Bezos owns The Washington Post.

Khashoggi was killed in October 2018 by agents of the Saudi government after they allegedly used Pegasus to hack his friend’s phone.

According to the UN’s report, the crown prince’s WhatsApp account sent Bezos a taunting message a month after Khashoggi was murdered. From the report:

A single photograph is texted to Mr. Bezos from the Crown Prince’s WhatsApp account, along with a sardonic caption. It is an image of a woman resembling the woman with whom Bezos is having an affair, months before the Bezos affair was known publicly.

The richest man in the world had been having a seemingly friendly WhatsApp conversation with bin Salman when, on 1 May 2018, an unsolicited file was sent from the crown prince’s phone.

Within hours, a trove of data was exfiltrated from Bezos’s phone, although the forensic exam did not reveal what was in the messages.

According to the forensic details released by the UN, the unsolicited message coming from bin Salman’s WhatsApp account was a video. After it was received, Bezos’s phone started pumping out data at an extraordinary rate: the data egress increased by 29,156%. It not only stayed that high for months; it also hit rates as much as 106,031,045% higher than the phone’s normal data egress rates.

It looks like Bezos’s phone could have been infected with Pegasus mobile spyware, experts concluded. From the UN’s statement:

Experts advised that the most likely explanation for the anomalous data egress was use of mobile spyware such as NSO Group’s Pegasus or, less likely, Hacking Team’s Galileo, that can hook into legitimate applications to bypass detection and obfuscate activity. For example, following the initial spike of exfiltration after receipt of the suspect video file, more than 6GB of egress data was observed using exfiltration vectors.

Before it was patched in May 2019, a zero-day vulnerability in WhatsApp meant that with just one call, spies could access your phone and plant spyware – specifically, Pegasus.

The mobile spyware has been unleashed against Mexican political activists; targeted at the human rights-focused NGO Amnesty International in a spearphishing attack; and used against Ahmed Mansoor, a prominent human rights activist and political dissident in the United Arab Emirates who was sentenced to 10 years in jail and a fine of 1,000,000 Emirati Dirham (USD $272K) after being charged with “insulting the UAE and its symbols”.

In May 2019, Amnesty International filed a lawsuit seeking to stop the “web of surveillance” it says is enabled by NSO Group, the Israeli firm that makes Pegasus.

National Cyber Security Consulting App







National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.