The United States and other governments need to investigate the hacking of Amazon CEO Jeff Bezos' iPhone, experts at the United Nations have urged. Details of the report show how the attack, stemming from a message sent by Saudi Arabian Crown Prince Mohammed bin Salman, allowed attackers to acquire a considerable amount of data from the device.
In a statement, UN Special Rapporteurs Agnes Callamard and David Kaye explain that the information received from a private investigation into the Bezos hacking "suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos." It is proposed the attempts were made "to influence, if not silence, The Washington Post's reporting on Saudi Arabia."
"The alleged hacking of Mr. Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities," said the rapporteurs, "including investigation of the continuous, multi-year, direct, and personal involvement of the Crown Prince in efforts to target perceived opponents."
The surveillance using malicious software "is a concrete example of the harms that result from the unconstrained marketing, sale, and use of spyware," the statement reads. "It underscores the pressing need for a moratorium on the global sale and transfer of private surveillance technology."
The UN believes the timing and circumstances of the hacking and surveillance of Bezos "also strengthen support for further investigation by US and other relevant authorities of the allegations that the Crown Prince ordered, incited, or at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul." Khashoggi was a journalist who wrote for the Washington Post, and whose murder during a visit to an embassy was reportedly captured on an Apple Watch.
According to the summary of the analysis seen by the UN, Bezos' iPhone was infiltrated on May 1, 2018 via an MP4 video sent from a WhatsApp account personally used by Salman, with the two men having exchanged contact details just one month prior to the hack.
Within hours of receiving the video, Bezos' iPhone sent a large amount of data, with egress rising from his daily average of 430KB to 126MB, a rise of 29,156 percent. The data spikes continued for months, at rates as high as 106 million percent higher than normal, indicating gigabytes of data were accessed.
In the full version of the report supplied to the UN by security firm FTI Consulting, published by Motherboard, Bezos' iPhone is identified as model number A1901, an iPhone X. Rather than the video file itself containing malware, it is believed the attack was performed via an encrypted downloader, possibly embedded in the video, which then downloaded a payload to perform the attack itself.
It is thought Crown Prince advisor and friend Saud al Qahtani procured the tools for the attack. President and chairman of the Saudi Federation for Cybersecurity, Programming, and Drones, Qahtani was apparently known for acquiring hacking tools on a regular basis, with spyware such as NSO Group's Pegasus or Hacking Team's Galileo likely to have been used to acquire the data.
To analyze the iPhone, FTI used the Cellebrite UFED 4PC Ultimate and Physical Analyzer to acquire forensic images over a two-day period. Cellebrite is known for providing tools to law enforcement agencies for digital forensic analysis of smartphones and other devices.
Before the UN's statement, the Saudi Embassy in the United States dismissed the report on Twitter, calling the suggestion "absurd" while calling for a full investigation.
18 Comments
Should we assume the conclusion to the US’s investigation is predetermined? And, “we don’t want to know” is the official policy when looking into the actions of Saudi Arabia?
There are two worrying aspects of this story. Leaving aside the first one, the heinous behaviour of the Saudis (really need energy independence from them, roll on fracking!),
Why did Bezos have the UN investigate rather than his own country? Did Bezos approach the UN? How did this investigation come about?
Do they do less high profile investigations? You know, like child slavery in countries that are on the UNHRC?
What US investigation? In fact, according to the article, the UN special rapporteur is demanding the US do an investigation. There is a lot to feel very uncomfortable about in this story apart from a high profile phishing attack by a state leader on a major corporate player. Or did Bezos approach US agencies and get no love? The article doesn’t say.
I’d like to know more about how the MP4’s payload was able to execute the attack — retrieving useful content from his iPhone and transmitting it.
Kushner also chats with MBS via WhatsApp. Given his security clearance problems, that’s a problem.