UN urges US investigation into Bezos iPhone hacking
The United States and other governments need to investigate the hacking of Amazon CEO Jeff Bezos' iPhone, experts at the United Nations have urged, while details of the report show how the attack, stemming from a message sent by Saudi Arabian Crown Prince Mohammed bin Salman, allowed attackers to acquire a considerable amount of data from the device.
Amazon CEO Jeff Bezos [via Seattle City Council]
In a statement, UN Special Rapporteurs Agnes Callamard and David Kaye explain that the information received from a private investigation into the Bezos hacking "suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos." It is proposed that the attempts were made "to influence, if not silence, The Washington Post's reporting on Saudi Arabia."
"The alleged hacking of Mr. Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities," said the rapporteurs, "including investigation of the continuous, multi-year, direct, and personal involvement of the Crown Prince in efforts to target perceived opponents."
The surveillance using malicious software "is a concrete example of the harms that result from the unconstrained marketing, sale, and use of spyware," the statement reads. "It underscores the pressing need for a moratorium on the global sale and transfer of private surveillance technology."
The UN believes the timing and circumstances of the hacking and surveillance of Bezos "also strengthen support for further investigation by US and other relevant authorities of the allegations that the Crown Prince ordered, incited, or at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul." Khashoggi was a journalist who wrote for the Washington Post, and whose murder during a visit to an embassy was reportedly captured on an Apple Watch.
In the summary of the analysis seen by the UN, Bezos' iPhone was infiltrated on May 1, 2018 via an MP4 video sent from a WhatsApp account personally used by Salman, with the two men exchanging contact details just one month prior to the hack.
Within hours of the video being seen, Bezos' iPhone sent a large amount of data, rising from his daily average data egress of 430KB to 126MB, a rise of 29,156 percent. The data spikes continued for months, at rates as high as 106 million percent higher than normal, indicating gigabytes of data were accessed.
In the full version of the report supplied to the UN by security firm FTI Consulting, published by Motherboard, Bezos' iPhone is identified as model number A1901, an iPhone X. Rather than the video file itself containing malware, it is believed the attack was performed via an encrypted downloader, possibly embedded in the video, which then downloaded a payload to perform the attack itself.
It is thought Crown Prince advisor and friend Saud al Qahtani procured the tools for the attack. President and chairman of the Saudi Federation for Cybersecurity, Programming, and Drones, Qahtani was apparently known for acquiring hacking tools on a regular basis, with spyware such as NSO Group's Pegasus or Hacking Team's Galileo likely to have been used to acquire the data.
To analyze the iPhone, FTI used the Cellebrite UFED 4PC Ultimate and Physical Analyzer to acquire forensic images over a two-day period. Cellebrite is known for providing tools to law enforcement agencies for digital forensic analysis of smartphones and other devices.
Before the UN's statement, the Saudi Embassy in the United States dismissed the report on Twitter, calling the suggestion "absurd" while calling for a full investigation.
Comments
Why did Bezos have the UN investigate rather than his own country? Did Bezos approach the UN? How did this investigation come about?
Do they do less high profile investigations? You know, like child slavery in countries that are on the UNHRC?
What US investigation? In fact according to the article the UN special rapporteur is demanding the US do an investigation. There is a lot to feel very uncomfortable about in this story apart from a high profile phishing attack by a state leader on a major corporate player. Or did Bezos approach US agencies and got no love? The article doesn’t say.
I am curious about this encrypted downloader. And how it can piggyback on the MP4 which only acts as Trojan Horse.
Coal Seam Gas extraction appears to have even less problems, and that most definitely isn’t drinking water.
1) Amazon are about to release a new Fire Phone that’s “more secure than iPhone”.
2) The FBI have just found a new cyber security tech vendor.
3) Us White folk aren’t as smart as we were led to believe.
4) WhatsApp isn’t the benevolent communication platform non-Apple users were fooled into thinking.
5) Bezos needs a new phone (see point 1)
Wouldn't we all...
LoL
Consider the heads of state, ultra rich, and company executives that he is in contact with. It is basically every person with significant power in the world. If anyone received a message from him or his reps, they really should go get it checked, get new devices and only have correspondence with him through paper mail only.
This gives a bleak picture of Apple's coding practices. The ‘player’ is almost certainly an Apple framework allowing this exploit, which means it isn’t coded in Swift (which doesn't allow for buffer overruns and similar problems) which is bad, but it also means that legacy code isn’t checked for the most obvious and known security problems.
The root exploit, needed to get out of the sandbox and have sufficient rights to operate cross platform and share information without the user knowing it is also unforgivable. It means that the operating system isn’t screened for such things (or screened in a very bad way).