iPhone X passcode screenSource: iMore

What you need to know

  • Bezos has long pointed the finger at Saudi Arabia.
  • A new report commissioned by him suggests a WhatsApp video might have carried a payload.
  • That video came from an account used by crown prince, Mohammed bin Salman.

Amazon founder Jeff Bezos may have had his iPhone X compromised by a video he received via WhatsApp, according to a report his security team commissioned. Amazingly, that video appears to have been sent from an account belonging to Saudi Arabia's crown prince, Mohammed bin Salman.

The New York Times reports on the file and the fact that it might have given attackers access to anything and everything on the iPhone X owned by Bezos. That would include messages and images that became part of the reason for the billionaire's divorce from his wife.

Amazingly, the message appears to have come from the prince after he and Bezos exchanged phone numbers at a prior meeting. It's likely the message in question was sent by someone other than the prince, however.

The video, a file of more than 4.4 megabytes, was more than it appeared, according to a forensic analysis that Mr. Bezos commissioned and paid for to discover who had hacked his iPhone X. Hidden in that file was a separate bit of code that most likely implanted malware that gave attackers access to Mr. Bezos' entire phone, including his photos and private communications.

Mr. Bezos has been on a singular quest to find out who penetrated the device since early 2019, when he said The National Enquirer's parent company had threatened to release private photographs and texts, and the forensic study was part of that effort. Those pictures and messages showed Mr. Bezos, who was married at the time, with another woman, Lauren Sanchez. The analysis did not connect the hack to The Enquirer.

The report is now part of a United Nations push regarding the malware that may have been used to make the attack possible. And the UN believes the malware again points towards Saudi Arabia.

The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group's Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials. This would be consistent with other information. For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group.

While Saudi Arabian officials deny any involvement in the mess, the UN believes that there is enough smoke here to suggest the fire started in one place – Saudi Arabia's back yard.

The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia. The allegations reinforce other reporting pointing to a pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities, including nationals and non-nationals. These allegations are relevant as well to ongoing evaluation of claims about the Crown Prince's involvement in the 2018 murder of Saudi and Washington Post journalist, Jamal Khashoggi.

The NYT has more detail on exactly why the Saudi government might have had motive to make all of this happen so be sure to head over there to fill in any gaps.