An iPhone belonging to Amazon CEO Jeff Bezos was hacked by Saudi Arabian prince Mohammed bin Salman (MBS) or operatives working on his behalf.
A forensic examination of the phone found that it was compromised using tools procured by Saud al Qahtani, a close friend of the prince. Researchers also stated that the phone was not infected with malware but held a suspicious file, whose download from a WhatsApp message preceded the months-long exfiltration of a large volume of data.
Hours after the encrypted downloader was received, a massive and unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter. Daily data exfiltration from the phone rose from 430KB to 126MB after the video was received; it appeared to be a promotional video in Arabic about telecommunications.
According to Rosa Smothers, senior vice president of cyber operations at KnowBe4, the reporting indicates that Mr. Bezos was in a WhatsApp chat with KSA’s Mohammed bin Salman when, unprompted, the Prince sent him a video file. Smothers stated that the motive was striking at Bezos, who owns the Washington Post, which had reported extensively on the Kingdom’s October 2018 murder of Post journalist Jamal Khashoggi.
Roger Grimes, data-driven defense evangelist at KnowBe4, expressed doubt that MBS himself hacked Bezos’s phone, as using his own account would be too easy to trace.
Instead, it is likely that someone had broken into the Prince’s phone by exploiting an unknown WhatsApp flaw and then used his existing network of contacts and trust to spread to other targets, of which Bezos was one.
This points to a nation-state intelligence agency, as the Saudis aren’t known for cutting-edge hacking. Any nation state can buy that expertise, which is what might have occurred here.