
Jeff Bezos's phone 'hacked by Saudi crown prince' - mnem
https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince
======
rmsaksida
Pavel Durov argued that WhatsApp's vulnerabilities are intentionally created
as part of surveillance programs with government agencies. [1]

If that were true, Bezos's case would be an example of how that approach to
security is double-edged. Backdoors can be just as useful to foreign
intelligence as they are to whoever pushed for their implementation.

[1] [https://t.me/s/durov/109](https://t.me/s/durov/109)

~~~
eljimmy
That's one hell of a tinfoil-hat theory. How would you even orchestrate that
from within a public company with so many developers involved?

~~~
resters
Considering how few developers understand the subtleties of security, it would
not be all that difficult.

Also, FWIW we know that Google did this with its data center breach and likely
many other cases.

At WhatsApp/Google scale the attack is extremely cost effective.

~~~
aodin
Are you referring to the data center breaches exposed by the Snowden leaks?
Because Google claimed that they were unaware of the breach and quickly took
action to correct it [1]. Are you suggesting that Google was complicit?

[1] [https://www.zdnet.com/article/meet-muscular-nsa-accused-of-t...](https://www.zdnet.com/article/meet-muscular-nsa-accused-of-tapping-links-between-yahoo-google-datacenters/)

~~~
resters
I don't think Google has given us any reason to believe that it was not
complicit. For instance, why not include warrant canaries on gmail accounts?

There is not really any fundamental difference between abetting the data
center breach and opting not to offer warrant canaries. Likely tens of
thousands of Google users are searched every day due to easy FISC warrants and
wide investigative nets.

The state sponsored attacks on Google would of course allow Google to
plausibly deny cooperation, but obviously Google has every incentive to
cooperate fully, as is evidenced by the lack of warrant canaries.

~~~
iudqnolq
Warrant canaries are of dubious legality and have yet to be seriously tested
in court. It makes total sense that a large company would not adopt something
potentially illegal.

A person on StackExchange put it well

> The distinction between revealing the existence of the subpoena by action,
> rather than by inaction, is a false one. It's exactly the kind of cutesy
> legal formality that non-lawyers love to rely on, but real judges ignore. If
> you tell someone: "Hey, you know John Smith's three sons, Joe, Ted, and
> Bill? Joe and Ted are good people; they have never molested any children. As
> for Bill--well, I don't have anything to say about Bill." If Bill is not a
> child molester, you have defamed him, and you are not going to convince a
> judge otherwise. [1]

Here's how the EFF puts it.

> Are there any cases upholding warrant canaries?

> Not yet. EFF believes that warrant canaries are legal, and the government
> should not be able to compel a lie. To borrow a phrase from Winston
> Churchill, no one can guarantee success in litigation, but only deserve it.

I'm also not sure how warrant canaries relate to your parents' point.

[1]: [https://law.stackexchange.com/a/333](https://law.stackexchange.com/a/333)

~~~
throwaway17_17
I would just point out there is a very clear legal distinction between action
and inaction. Further, all of this only applies to the issuance and proper
service of an order compelling silence. I think the EFF’s common statement
that if the canary requires affirmative action to not deploy the court is in a
tough spot to compel that action. Also, I can say with a large amount of
certainty, that no judge blatantly ignores procedural or semantic formalities
out of hand. The judge in question may weigh the relevant factors and disagree
with an argument, although some judges built caseloads of precedent on just
such minor quibbles, but it is literally the judge's job to at least consider a
technical argument on its merits.

------
Apocryphon
So MBS or someone in Saudi intelligence is somehow behind the leak of the
photos to the National Enquirer, and the subsequent divorce of the Bezos?

~~~
bb88
Where's the Feds on this? I don't find it comforting that attacks happening on
the US's free press go unanswered by law enforcement.

We should be indicting MBS.

~~~
rconti
Not only has the US president declared the press the "enemy of the people", he
also has a personal vendetta against Jeff Bezos for hurting his feelings. And
he's got a personal lackey doing his personal bidding at the head of the DOJ.

If anything, it's more plausible to have been directed by the President
(though it probably wasn't) than for any consequences of these actions to come
from this administration (which certainly won't happen).

------
mirimir
OK, so I'm just a random anonymous coward. And arguably obsessed with my
hobby.

But I'm puzzled that Bezos would be corresponding with MBS on the same device
that he uses for potentially embarrassing personal stuff. Isn't that just a
totally obvious OPSEC fail?

Edit: But that's what he did, isn't it?

And how could that be considered safe?

~~~
joe_the_user
I think this is a good question.

The problem is that even the head of a ginormous company with a strong
connection to computer security generally (through AWS) is going to take
actions based on convenience rather than OPSEC discipline.

I think it's natural for any given human to chat with all one's friends on the
same level, with the same device and so forth. A given individual can train
themselves to have hard walls in their personal dealings but I'd suspect that
individual would be a mid-level specialist, not the owner/manager/CEO who gets
their position by their ability to manage and connect with people, not through
technical expertise.

~~~
mirimir
I guess. But even before the Khashoggi assassination, MBS was arguably an
obvious threat. I can't imagine considering him a "friend".

I mean, I'd be gobsmacked if he mixed personal and business on the same
devices. That could be disastrous, not just embarrassing. So a third device
category doesn't seem unworkable.

Edit: Also, wouldn't someone like Bezos have security advisers? And how could
they have failed to warn him?

One could make a similar argument about MBS, of course.

~~~
joe_the_user
This reminds me of the way that Barack Obama tried to keep his personal
cellphone once he became president. Having a personal relationship with the
wealthy and powerful is a unique thing since these are the ultimate decision
makers. I would guess that Bezos or anyone like him chats frequently with very
powerful people and that this is a factor in him maintaining his own power and
influence. And mobile devices would seem to magnify that ability of the very
topmost people to connect directly with each other - ie, this was all done by
secretaries and through protocol but that's slower and can let one big boss
instantly sway another.

Of MBS doing his own spying and hacking is another way topmost people are
becoming "do it yourself-ers".

~~~
iron0013
I shudder to think what would have happened if Obama had ultimately refused to
give up his personal phone, and every half-talented hacking group on the
planet had pwned it six ways from Sunday—what a national security disaster
that would have been! Oh wait

~~~
ta999999171
The Clinton server wasn't really interesting because she broke the rules...it
was because the Chinese/whomever could grab stuff and the owners had plausible
deniability.

~~~
kyboren
I'm pretty sure GP was actually referring to President Trump's refusal to give
up his personal tweet gun^W^Wsmartphone.

~~~
ta999999171
I'm just talking tech, not partisan politics.

------
krn
I pointed this out 11 months ago:

[https://news.ycombinator.com/item?id=19122206](https://news.ycombinator.com/item?id=19122206)

~~~
nsajko
Some informative links to make you scared about democracy, or just your
safety:

[https://en.wikipedia.org/wiki/Pegasus_(spyware)](https://en.wikipedia.org/wiki/Pegasus_\(spyware\))

[https://citizenlab.ca/2019/10/nso-q-cyber-technologies-100-n...](https://citizenlab.ca/2019/10/nso-q-cyber-technologies-100-new-abuse-cases/)

[https://citizenlab.ca/2018/06/government-spyware-surveillanc...](https://citizenlab.ca/2018/06/government-spyware-surveillance-mexico/)

[https://citizenlab.ca/2017/02/bittersweet-nso-mexico-spyware...](https://citizenlab.ca/2017/02/bittersweet-nso-mexico-spyware/)

[https://citizenlab.ca/](https://citizenlab.ca/)

~~~
dmamills
Why are these down voted? I'd say these Citizen Lab reports are HIGHLY
relevant to this discussion topic.

------
clubm8
I wonder how often less high profile folks get hit with stuff like this?

On one hand, zero days are rare and expensive.

OTOH someone who isn't the CEO of a major company might not notice the
malware, or if they do, not know they should forward it to an organization
like Citizen Lab.

~~~
OrgNet
> zero days are rare

really?

~~~
bob33212
Zero days are plentiful. But there are only a handful that you could buy today
which could potentially give you access to a CEO's phone. The only other
option is to build your own team to find a zero day for you, which is not
cheap or quick.

------
nlh
Apparently I’m the only person on earth who wants to know what kind of phone
Bezos was using, which OS version, etc. It seems like this detail is
conveniently being left out of every story.

Anyone have any additional details? I understand that it was a WhatsApp
vulnerability (Pegasus?) but I’d still like to know more about the device.

~~~
mzs
Office of the High Commissioner for Human Rights report confirms it was iOS
(page 2)

[https://www.ohchr.org/Documents/Issues/Expression/SRsSumexFr...](https://www.ohchr.org/Documents/Issues/Expression/SRsSumexFreedexAnnexes.pdf)

more:
[https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?N...](https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=25488)

------
mzs
Pegasus as expected according to another person claiming to have been hacked,
also a report expected out in the coming months
[https://twitter.com/iyad_elbaghdadi/status/12197417733014528...](https://twitter.com/iyad_elbaghdadi/status/1219741773301452800)

------
henryw
I'm glad it's fixed now.
[https://www.facebook.com/security/advisories/cve-2019-11931](https://www.facebook.com/security/advisories/cve-2019-11931)

~~~
danso
At the time, FB said it didn't believe the bug had been exploited: _In this
instance there is no reason to believe users were impacted._ [0] The alleged
hack of Bezos happened in May 2018, about 18 months after the Nov 2019 bug
fix. I wonder if FB's statement was just boilerplate PR or if they really did
substantial forensics to have "no reason to believe users were impacted".

[0] [https://nakedsecurity.sophos.com/2019/11/20/update-whatsapp-...](https://nakedsecurity.sophos.com/2019/11/20/update-whatsapp-now-mp4-video-bug-exposes-your-messages/)

~~~
penagwin
Anecdotal, but a lot of times phrases similar to that are used because the
real answer is "We don't have any way of knowing if users were actually
impacted" and it's obviously far better for PR to phrase it that way.

~~~
BelleOfTheBall
It does sound better but here's the thing: this is Jeff Bezos. He's one of the
most high-profile people on the planet. If his phone was hacked through
WhatsApp, he clearly filed a complaint and told them what had happened. They
just didn't manage to patch it for over a year and then stated they 'had no
way of knowing' even though this clearly proves it happened.

------
ineedasername
Is there any detail on the nature of the exploit? It seems to have been
triggered by receipt of a video in WhatsApp. Was the flaw in WhatsApp itself?
Or would the exploit have occurred regardless of which messaging/transfer
mechanism was used to deliver the video? Has this been fixed? Is it even a
documented exploit or is it simply known that it had something to do with the
WhatsApp video, but not the actual methodology?

------
hloiuweri
One thing which this article doesn't address at all, is what is the beef
between MBS and Bezos? Why would the Saudi prince leak this data? How did
Amazon upset him?

~~~
chance_state
Perhaps as a favor to Trump who constantly whines about WaPo and Bezos?

~~~
dwd
I think at the very least they would have bet on the WH looking the other way
while they conducted an attack on a prominent US citizen. At worst it could be
another "favour" attached to military procurement.

------
schalab
Explanation 1:

Lauren Sanchez (Bezos' new girlfriend) along with her brother Michael (who is also
her agent), leaked the story to force Bezos to divorce his wife and get along
with her.

Explanation 2:

The crown prince of Saudi Arabia personally sent a trojan file, downloaded all
the data, distributed it through a gossip rag he happens to be friends with,
for some kind of revenge/message

I get why Bezos has to go with explanation 2 because explanation 1 would
indicate the girl he wants to have sex with or her brother is manipulative. I
don't see why the rest of us have to go along with this. Even this anonymous
source says he has "high confidence" not anywhere near certainty.

~~~
streb-lo
Is explanation 2 supposed to be outlandish?

A country like Saudi Arabia is going to use every tactic possible to combat
their asymmetry with the West. It's not the crown prince personally having
someone cook up a trojan for him -- it's their national apparatus deciding
that free potential leverage over influential Americans is a worthwhile
pursuit.

------
patja
Last time I stayed at an AirBnb in Prague, the owners' preferred method of
communication was WhatsApp. When I went to install it I was confronted with no
other choice than allowing it to import all my contacts, even though there was
only one person I wanted to communicate with.

I was aware of these vulnerabilities and generally am protective of handing
out PII, especially information others have entrusted to me. So I didn't give
it access to hundreds of business and personal contacts spanning decades of
work and life.

How do others deal with this who perhaps don't have the choice to just say
"I'm going to text you instead for the 4 days we are going to have a need to
communicate"? Do you keep a full set of contact data outside your phone's
contacts for information you don't want shared? Private and public contacts?

~~~
st1ck
Somewhat recent Android versions have work profile which at the very least
gives you a sandbox for all apps you want to be isolated from the main
profile. Unfortunately, all those work profile apps still share data between
themselves. Maybe it was improved lately.

------
LatteLazy
The wider question here is how to handle Saudi Arabian trades in Western
markets. Every and any deal undertaken by a state actor (MBS, any of the 1000s
of princes the place is littered with, the sovereign wealth fund or the state
or semi state companies) could well be the result of insider trading...

And that's just the public markets. Imagine the advantage you would have in
startup investing if you could covertly read all the internal discussions, the
founders texts and emails, remotely access their meetings with lawyers,
accountants and other VCs.

No wonder SA is suddenly interested in Silicon Valley

------
tasubotadas
This gives me tremendous respect for Jeff.

Most likely his marriage fell apart because of this costing him personally
~25B. But that means that he didn't give in to whatever Mr Prince wanted.

~~~
aedron
Yes, it seems he was pretty hardcore about it. "Go ahead, publish it."

Since J. Edgar Hoover, it has been an open secret that blackmail drives the
upper echelon of politics and media. The Bill Clinton thing is another
example, pretty sure he put his foot down and said fuck it, hence Lewinsky
turning up with a tainted dress from 8 months ago, and down goes the U.S.
president. How many just acquiesce and play along quietly?

More people should have guts like Bezos (probably did). Though at some point,
I'm sure the shadow people will just fall back on good old violence, like the
Epstein case.

------
amelius
What brand was the phone and OS?

~~~
eatmyshorts
It doesn't matter. The WhatsApp exploit affected both iOS and Android:
[https://appleinsider.com/articles/19/05/13/whatsapp-vulnerab...](https://appleinsider.com/articles/19/05/13/whatsapp-vulnerability-left-ios-open-to-spyware-attack)

~~~
amelius
That's interesting. How would that work? Under Android, all apps effectively
run inside a Java sandbox, right? So how would the attackers be able to
install spyware through Whatsapp?

~~~
verroq
There are more exploit chains for Android and iOS that can be used once RCE is
achieved.

------
derefr
So, anyone want to hazard a guess on why the prince would want the optics of
being seen to have been responsible for the hack (as opposed to trying to
cover that up by, say, not using his very own account)?

~~~
angry_octet
Firstly, he's an idiot. His staff obviously don't brief him on the likely
consequences of actions, they just go do it. Because he's a brutal dictator
who has disloyal people executed.

Secondly, Saudis don't have their own advanced cyber capabilities (unlike
Iran, UAE, Israel, etc), they rely on buying help. And single use, no
interaction, 0day RCEs for recent phones (and we can assume latest iOS or
Pixel) are not that available. So they used what they could get their hands
on.

It beats me that they couldn't steal the phone of someone else in Bezos's
WhatsApp contacts and impersonate them. Maybe Bezos wouldn't have opened the
attachment. But overall, I think they are just dumb.

There remains a small possibility that someone hacked the phone of MbS (I
mean, everyone has thoughts about doing that) and then pivoted to attacking
people in his contacts. But the whole NSO group involvement makes me think it
wasn't that.

------
tasssko
Is it that easy to be hacked with WhatsApp?

~~~
WilTimSon
Well, here's a list of known WhatsApp hacks that were revealed in 2019:

Call hack [0]: [https://www.wired.com/story/whatsapp-hack-phone-call-voip-bu...](https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/)

Video hack [1]: [https://thehackernews.com/2019/11/whatsapp-hacking-vulnerabi...](https://thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html)

GIF hack [2]: [https://thehackernews.com/2019/10/whatsapp-rce-vulnerability...](https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html)

That call hack was famously used by NSO, hitting thousands of people [3]:
[https://thehackernews.com/2019/10/whatsapp-nso-group-malware...](https://thehackernews.com/2019/10/whatsapp-nso-group-malware.html)

Hack that let anyone crash the apps for all members of a group chat [4]:
[https://thehackernews.com/2019/12/whatsapp-group-crash.html](https://thehackernews.com/2019/12/whatsapp-group-crash.html)

I think I'm actually missing one more. These are just the widely known ones,
mind you, and just for 2019.

~~~
TwoBit
"The flaw (CVE-2019-3568) successfully allowed attackers to silently install
the spyware app on targeted phones by merely placing a WhatsApp video call
with specially crafted requests, even when the call was not answered."

Geez that seems pretty incompetent.

------
kshacker
Whatsapp allows desktop clients. I use it too. It is technically possible for
someone to hijack this desktop client and do this without MBS's involvement,
as long as MBS authorized that desktop. I think you need proximity, but you
can have a computer near the prince, and that computer being remotely
controlled by someone sitting far away.

Not saying this happened ... but there are many ways to blame it on prince and
many ways to defend him (and blame a subordinate).

~~~
jessriedel
I thought the Whatsapp desktop client was just a glorified remote control for
the phone, and could not actually function as a standalone client by itself?

~~~
kshacker
It is a remote control, but a case could be made that even though the prince
had the phone with him, someone did it from his computer [ Of course assuming
he was not looking at his phone at that time. ]

I am not on prince's side, just saying ...

~~~
Totoradio
If you're thinking of a private actor, I think that once you have access to
MBS phone, you run to Doha before attacking Bezos. Qatar would pay a ton of
money for that access.

If you're thinking of a state actor except Saudi Arabia, I think there would
be much easier and more discreet vectors to Jeff Bezos Whatsapp than MBS phone
(literally almost any of Bezos other contacts would be less risky).

------
conston
This is why for the past 7 years I have rejected any files sent to me, and
insist on receiving cloud links such as google, dropbox etc.

------
danso
> _This analysis found it “highly probable” that the intrusion into the phone
> was triggered by an infected video file sent from the account of the Saudi
> heir to Bezos, the owner of the Washington Post._

Any more information on how this type of attack works? Is it a vulnerability
in Whatsapp, or was whatsapp just the delivery platform?

~~~
nopriorarrests
first paragraph: The Amazon billionaire Jeff Bezos had his mobile phone
“hacked” in 2018 after receiving a WhatsApp message that had apparently been
sent from the personal account of the crown prince of Saudi Arabia, sources
have told the Guardian.

So, not snapchat, but whatsapp. And it's quite surprising for me. So, Saudis
have 0 days which work on whatsapp on iphone (I suppose Bezos uses iphone)? I
mean, FB and AAPL, which both can afford tens of billions in security
research, were pwned by saudi 0day? hmmm...

~~~
spzb
Wouldn't be that surprising. Zero days are available to the highest bidder and
Saudi princes have deep pockets.

~~~
nopriorarrests
Honest question. Given that RCE's are extremely rare, can't FB and AAPL
announce 100M USD bounty to get them first and patch them, avoiding bad PR and
brand impact? Damn, make it 200M?! Or bad actors can easily pay 5x more to
exploit said 0 day on a few targets, so hackers will sell to them instead?

~~~
icandoit
I would like to see bounties offered no questions asked too.

That way someone on the payroll of nefarious inc. may decide to share it with
Google or Apple the same time as their boss.

~~~
nopriorarrests
Actually, this is my second question. How much money FB/AAPL are ready to pay
for a security researcher who can find 0 day in their software to work full-
time for them? Is Nefarius Inc. really competitive with them, salary-wise? I
just can't grasp the economics here. Back in 90's, being a bad guy was
probably more lucrative, but now, when established IT companies have market
cap in trillion zone... what makes people work for nefarius inc?

~~~
mywittyname
> what makes people work for nefarius inc?

Very good pay; the ability to work remotely; pride/prestige; community;
political reasons.

Being a good digital thief is still very lucrative, especially for people
living in low income areas with relatively lax law enforcement. These people
can run encrypted computer extortions, steal bitcoin wallets, run/sell
botnets, fence digital goods, run underground ad networks, and consult.

------
busymom0
I am not buying this story. With all the other possible options, why would
someone like MBS do it from his very own phone which this article claims? It
sounds more like someone is trying to frame MBS.

------
angry_octet
Talk about lousy deniability.

I wonder how many Alexas there are in Saudi.

------
LatteLazy
Don't deal with the Saudis. History will look back on you the same way it
looks back on people shaking hands with Hitler. I'm not kidding.

~~~
lgl
The US is the world's largest weapons exporter and Saudi Arabia is the world's
largest weapon importer. I'm not sure even a Hitler level calamity would make
the US stop dealing with them. They're holding their hands and complimenting
their "leadership skills" ffs...

~~~
LatteLazy
I think the oil will run out (or we'll transition to other energy sources),
then Saudi will just wither and the special relationship will disappear.

But yeah, it won't end because of morality.

------
lawnchair_larry
This sounded plausible until I read the first sentence. Why would MBS be the
one executing the attack, and using his personal account to do it?

~~~
p0rkbelly
The Saudi Royal Family simply do not care and walk around with impunity. They
thumb their nose at the law and the world order and think they deserve to do
whatever they want. This is exactly the same as the Khashoggi execution where
overwhelming evidence and implication, but, play naive and put on a big sham
investigation. Just how when Russian agents poisoned the Skripals and said
they were there to view a church steeple.

~~~
lawnchair_larry
This does seem the most likely, as hard as it is to believe. I guess when you
have hierarchies based on blood rather than competency, this is what you end
up with.

~~~
p0rkbelly
That and no outside government has ever held them accountable for anything.
Or him accountable for anything.

------
ptah
as per usual there will be zero consequences

------
nif2ee
>Jeff Bezos chatting with Mohammed bin Salman on WhatsApp

Not sure whether this is yet another fake story sponsored by the Qataris,
who infiltrated the liberal western media with their Islamist and ultra left
minions all over in the name of diversity, since their rift with the Saudis in
mid 2017 or the richest man on Earth is actually retarded enough to chat with
a head of state like Saudi Arabia on fucking WhatsApp

------
goldcd
My gut response to this is "bullshit"

Not based on the Saudis not buying zero-day-exploits, but on them using them
from the crown prince's account directly against Jeff.

~~~
Zooper
Why? Bezos isn't going to open any other videos from someone else. The US
executive branch won't do a thing, in case the Saudis decide to stop buying US
treasury bonds in exchange for oil. Then they might stop buying weapons, which
funds the inflated military industry, and then they might buy weapons from
someone else and begin keeping larger reserves of their currency. This
exchange is worth more to those in power than Bezos' love life.

