Billionaire’s iPhone reportedly hacked by Saudi Crown Prince Mohammed bin Salman (MBS)

It might have been a few weeks ago, but one of the most trending topics in cybersecurity was the alleged hack of billionaire Jeff Bezo’s iPhone. The Saudi Crown Prince Mohammed bin Salman (MBS), who allegedly broke into the Amazon’s CEO, Jeff Bezo’s phone via a WhatsApp message (an inoffensive video file). Initial allegations were that the Saudi government might have hacked Amazon’s Jeff Bezo’s iPhone, but further reports suggested that the Crown Prince himself might have been responsible.

Photo of Amazon CEO Jeff Bezos founder Jeff Bezos

Further reports and investigation into the hack of billionaire revealed suspicious files without any clear evidence of malware on the phone due to the encrypted feature of WhatsApp that prevented them from analyzing the file itself. The file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted, this delayed or further prevented the study of the code delivered along with the video.

The investigators released a timeline that alleges MBS personally sent Bezos an encrypted video file on May 1, 2018, via a WhatsApp message. “It was later well-known, with reasonable certainty, that the video’s downloader infected Mr. Bezos’ phone with malicious code,” according to FTI Consulting.

It was also reported that technical scrutiny found it was “highly probable” that the file contained “malware that penetrated Bezos’s mobile phone and the amount of data transmitted out of Bezos’ phone changed intensely after receiving the WhatsApp video file and never returned to reference point. Following the execution of the encrypted downloader sent from the Saudi Crown Prince’s account, egress on Bezo’s device immediately jumped by approximately 29,000 percent,” it notes.



Forensic pieces show that in the six (6) months prior to receiving the WhatsApp video, Bezos’ phone had an average of 430KB of egress per day, honestly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to an alarming 126MB. The phone maintained an unusually high average of 101MB of egress data per day for months after that, including many massive and highly unusual spikes of egress data.

According to the FTI Consulting report obtained, the analysts set up a secure facility to scrutinize the phone and its pieces for over two days but were unable to discover any malware on the device. Instead, they found an encrypted video “suspicious” because within hours of it being received, “an enormous and illegal exfiltration of data from Bezos’ phone began, continuing and rising for several months after that.” Although, it is still not clear what precise information was taken from Amazon’s CEO phone within the period of the hack or how whatever obtained information may have been used.

Why Would the Saudi Crown Prince hack Jeff Bezos?

Saudi Crown Prince Mohammed bin Salman

Saudi Crown Prince Mohammed bin Salman

This time flow of the hack dates back to when the Saudi government was eagerly concerned Washington Post columnist Jamal Khashoggi was killed in October 2018, Jeff Bezos also owns the Washington Post. Further investigations by the CIA discovered that the Saudi Crown prince had approved the killing, MBS has blatantly denied this allegation.

Also, a UN special rapporteur, Callamard, had already completed a six-month investigation that found “credible evidence” that high-level Saudi officials including MBS oversaw and carried out Khashoggi’s murder. The statement of the UN on this issue is trying to show that the Saudi government also waged an effort to silence or smear those who kept calling out the Kingdom’s misdeeds, including the Amazon CEO for this ownership of the Washington Post

Suspicions that the Saudi government had hacked Jeff Bezo’s phone increased shortly after reports of an extramarital affair were released by the National Enquirer. These reports were based on information that was accessible only on his phone. Bezos accused American Media Inc. (AMI), the parent company of the National Enquirer, of trying to extort him after the publication approached him, saying it had text messages and photos that revealed Bezos was having an affair.

AMI repeatedly said in its defense that the tipster was Michael Sanchez, the brother of the woman Bezos was allegedly having an affair with and that the Saudi government wasn’t involved. Jeff Bezo’s chief of security Gavin de Becker reached out to FTI Consulting and hired them to carry out forensic analysis on Jeff Bezo’s Phone.

Can the Ordinary person be hacked?

Quite unfortunately, when it comes to cybercrime these days, no one is immune, and no software that you use is likely to be 100 percent free of bugs.

The Bezos hack shows us that the key security feature of the most popular apps WhatsApp (end-to-end encryption), which makes messages readable by only the receiver and sender – it becomes an unreadable encrypted file when intercepted. However, this doesn’t translate into complete security, based on the report’s conclusions, the end-to-end encryption works perfectly fine: as the FTI consulting guys were unable to decrypt the file sent by the account linked to the Saudi Crown Prince. But good device encryption didn’t stop Bezos’s phone from transferring gigabytes worth of data to a malicious actor for several weeks after the video file was sent.

Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, said, “This is not indicative of a vulnerability in WhatsApp, there is nothing they can do when a trusted contact sends you a carefully crafted malicious link.”

Paul Ducklin, a principal research scientist at cybersecurity firm Sophos, said, “Sometimes, the best way to avoid that problem is simply to share less information, or not to share this particular photograph,’ or not to talk about secret personal stuff on this channel. Maybe wait until I meet up with this person face to face, the app can’t save you from yourself,” ”