Jeff Bezos's phone 'hacked by Saudi crown prince'

Pavel Durov argued that WhatsApp&#x27;s vulnerabilities are intentionally created as part of surveillance programs with government agencies. [1]<p>If that were true, Bezos&#x27;s case would be an example of how that approach to security is double-edged. Backdoors can be just as useful to foreign intelligence as they are to whoever pushed for their implementation.<p>[1] <a href="https:&#x2F;&#x2F;t.me&#x2F;s&#x2F;durov&#x2F;109" rel="nofollow">https:&#x2F;&#x2F;t.me&#x2F;s&#x2F;durov&#x2F;109</a>

So MBS or someone in Saudi intelligence is somehow behind the leak of the photos to the National Enquirer, and the subsequent divorce of the Bezos?

OK, so I&#x27;m just a random anonymous coward. And arguably obsessed with my hobby.<p>But I&#x27;m puzzled that Bezos would be corresponding with MBS on the same device that he uses for potentially embarrassing personal stuff. Isn&#x27;t that just a totally obvious OPSEC fail?<p>Edit: But that&#x27;s what he did, isn&#x27;t it?<p>And how could that be considered safe?

I pointed this out 11 months ago:<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=19122206" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=19122206</a>

I wonder how often less high profile folks get hit with stuff like this?<p>On one hand, zero days are rare and expensive.<p>OTOH someone who isn&#x27;t the CEO of a major company might not notice the malware, or if they do, not know they should forward it to an organization like Citizen Lab.

Apparently I’m the only person on earth who wants to know what kind of phone Bezos was using, which OS version, etc. It seems like this detail is conveniently being left out of every story.<p>Anyone have any additional details? I understand that it was a WhatsApp vulnerability (Pegasus?) but I’d still like to know more about the device.

Pegasus as expected according to another person claiming to have been hacked, also a report expected out in the coming months <a href="https:&#x2F;&#x2F;twitter.com&#x2F;iyad_elbaghdadi&#x2F;status&#x2F;1219741773301452800" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;iyad_elbaghdadi&#x2F;status&#x2F;12197417733014528...</a>

I&#x27;m glad it&#x27;s fixed now. <a href="https:&#x2F;&#x2F;www.facebook.com&#x2F;security&#x2F;advisories&#x2F;cve-2019-11931" rel="nofollow">https:&#x2F;&#x2F;www.facebook.com&#x2F;security&#x2F;advisories&#x2F;cve-2019-11931</a>

Is there any detail on the nature of the exploit? It seems to have been triggered by receipt of a video in WhatsApp. Was the flaw in WhatsApp itself? Or would the exploit have occurred regardless of which messaging&#x2F;transfer mechanism was used to deliver the video? Has this been fixed? Is it even a documented exploit or is it simply known that it had something to do with the WhatsApp video, but not the actual methodology?

One thing which this article doesn&#x27;t address at all, is what is the beef between MBS and Bezos? Why would the Saudi prince leak this data? How did Amazon upset him?

Explanation 1:<p>Lauren Sanchez(bezos&#x27; new girfiend) along with her brother Michael(who is also her agent), leaked the story to force Bezos to divorce his wife and get along with her.<p>Explanation 2:<p>The crown prince of Saudi Arabia personally sent a trojan file, downloaded all the data, distributed it through a gossip rag he happens to be friends with, for some kind of revenge&#x2F;message<p>I get why Bezos has to go with explanation 2 because explanation 1 would indicate the girl he wants to have sex with or her brother is manipulative. I dont see why the rest of us have to go along with this. Even this anonymous source says he has &quot;high confidence&quot; not anywhere near certainty.

Last time I stayed at an AirBnb in Prague, the owners preferred method of communication was WhatsApp. When I went to install it I was confronted with no other choice than allowing it to import all my contacts, even though there was only one person I wanted to communicate with.<p>I was aware of these vulnerabilities and generally am protective of handing out PII, especially information others have entrusted to me. So I didn&#x27;t give it access to hundreds of business and personal contacts spanning decades of work and life.<p>How do others deal with this who perhaps don&#x27;t have the choice to just say &quot;I&#x27;m going to text you instead for the 4 days we are going to have a need to communicate&quot;? Do you keep a full set of contact data outside your phone&#x27;s contacts for information you don&#x27;t want shared? Private and public contacts?

The wider question here is how to handle Saudi Arabian trades in Western markets. Every and any deal undertaken by a state actor (MBS, any of the 1000s of princes the place is littered with, the sovereign wealth fund or the state or semi state companies) could well be the result of insider trading...<p>And thats just the public markets. Imagine the advantage you would have in startup investing if you could covertly read all the internal discussions, the founders texts and emails, remotely access their meetings with lawyers, accountants and other VCs.<p>No wonder SA is suddenly interested in Silicon Valley

This gives me tremendous respect for Jeff.<p>Most likely his marriage fell apart because of this costing him personally ~25B. But that means that he didn&#x27;t give in to whatever Mr Prince wanted.

What brand was the phone and OS?

So, anyone want to hazard a guess on why the prince would want the optics of being seen to have been responsible for the hack (as opposed to trying to cover that up by, say, not using his very own account)?

Is it that easy to be hacked with WhatsApp?

Whatsapp allows desktop clients. I use it too. It is technically possible for someone to hijack this desktop client and do this without MBS&#x27;s involvement, as long as MBS authorized that desktop. I think you need proximity, but you can have a computer near the prince, and that computer being remotely controlled by someone sitting far away.<p>Not saying this happened ... but there are many ways to blame it on prince and many ways to defend him (and blame a subordinate).

This is why for the past 7 years I have rejected any files sent to me, and insist on receiving cloud links such as google, dropbox etc.

&gt; <i>This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.</i><p>Any more information on how this type of attack works? Is it a vulnerability in Whatsapp, or was whatsapp just the delivery platform?

I am not buying this story. With all the other possible options, why would someone like MBS do it from his very own phone which this article claims? It sounds more like someone is trying to frame MBS.

Talk about lousy deniability.<p>I wonder how many Alexas there are in Saudi.

Don&#x27;t deal with the Saudis. History will look back on you the same way it looks back on people shaking hands with Hitler. I&#x27;m not kidding.

This sounded plausible until I read the first sentence. Why would MBS be the one executing the attack, and using his personal account to do it?

as per usual there will be zero consequences

&gt;Jeff Bezos chatting with Mohammed bin Salman on WhatsApp<p>Not sure whether this is a yet another fake story sponsored by the Qataris, who infiltrated the liberal western media with their isalmist and ultra left minions all over in the name of diversity, since their rift with the Saudis in mid 2017 or the richest man on Earth is actually retarded enough to chat with a head of state like Saudi Arabia on fucking WhatsApp

My gut response to this is &quot;bullshit&quot;<p>Not based on the Saudi&#x27;s not buying zero-day-exploits, but on them using them from the crown prince&#x27;s account directly against Jeff.