How did they manage to hack Jeff Bezos’ phone?

Just 24 hours after Amazon CEO Jeff Bezos’ iPhone was hacked, his data usage apparently increased with 29,000%. Someone was syphoning huge amounts of personal data from his iPhone 10 — but at that stage, no-one knew where it was all going. 

This all happened in May 2018 after Mr Bezos received a weird WhatsApp message from Saudi Arabia’s crown prince, Mohammed bin Salman. The video file included a video of a Saudi and a Swedish flag alongside each other. Strange, right? He thought so too. The file turned out to contain a small 14-byte piece of malicious code that was designed to access everything on a device — apps, files and messages. 

The timeline

From the beginning of 2019, Mr Bezos started an investigation to find the root of the cause. This was prompted by a newspaper, The Enquirer, publishing some pictures of him with another woman (he was married at the time). He had to be hacked, how else would they get the files?

Turns out The Enquirer was fed pictures from the mistress’ brother. So they didn’t hack him, which turned him to hiring private investigators to find the source of the malware. Because he has an iPhone, it was particularly hard to find the root of the cause. Especially because he didn’t necessarily have to click on the file to download the malware — it could just infiltrate from the message itself. 

He turned to FTI Consulting in February 2019, a forensic investigation firm, who looked into several text messages that Mr Bezos had received from the WhatsApp account of the Saudi prince. In mid-May 2019, Mr Bezos handed over his iPhone X and asked FTI to run a full analysis on it. 

What they found

The investigation found that a whole bunch of apps were active during the time that the huge amount of data was leaving the phone. It included the Safari web browser and the Apple Mail program — both apps that Mr Bezos never really uses. The massive amounts of data could also point to cloud backup, but the dude didn’t even have an iCloud account. The plot thickens…

So the messages Prince Mohammed sent Mr Bezos following the hack pointed to him knowing more about Bezos’ personal life than he could have. Things you could only know if you had access to his personal phone. 

On 8 November 2018 he received a meme from the Prince that included a photo of a woman resembling Ms Sanchez. It read: “Arguing with a woman is like reading the software license agreement. In the end you have to ignore everything and click I agree.” Mr Bezos was discussing divorce with his wife at the time, so the message was ever-so creepy. 

The FTI report was thorough, we’ll give ‘em that. But it still couldn’t say with certainty that the malware came from the Prince’s message and said that it had “medium-to-high confidence” that it was that message. 

Sauce: New York Times