Facebook says Apple, not WhatsApp, should be blamed for Saudi hack of Bezos' phone
Last week, we passed along the frightening story of how Saudi Arabia was able to hack the Apple iPhone X belonging to Amazon founder Jeff Bezos, one of the richest men in the world. Why would such a terrible act be done? One theory is that the Bezos-owned Washington Post was investigating the murder of Jamal Khashoggi, a WaPo columnist who was allegedly killed under the direction of Saudi Crown Prince Mohammed bin Salman. Perhaps the Saudi's were snooping around the billionaire's phone for dirt to blackmail him with so it could demand that the newspaper drop the investigation.
The scariest part of the whole hack was that the malware was coded into a 4.22MB video clip sent to Bezos through WhatsApp in 2018 by an account owned by the crown prince. The malware was designed to allow the Saudis to access all files on Bezos' phone even if the video was never played, and that alone might keep you up nights. While some put the blame on Facebook for whatever WhatsApp vulnerability allowed the hack to occur, Bloomberg reports that Facebook vice president Nicola Mendelsohn doesn't agree. Keep in mind that WhatsApp is owned by Facebook; the latter closed on its $21.8 billion acquisition of the messaging app in October 2014.
Facebook tries to deflect from any responsibility WhatsApp might have had in the hacking of Bezos' iPhone X
Last February, Bezo's security advisor hired a firm called FTI Consulting and part of the latter's report says that hours after Bezos' WhatsApp account received the video message, "a massive and unauthorized exfiltration of data from Bezos’s phone began." The report from FTI noted that the amount of data transmitted out of Bezos' phone soared 29,000% immediately after the malware was received.
An Apple iPhone X, the model used by Amazon founder Jeff Bezos when his WhatsApp account was hacked by a video file in 2018
Last week at the World Economic Forum in Davos, Switzerland, Mendelsohn placed the blame for the hack on smartphone operating systems. She told a Bloomberg Television audience that "One of the things that it highlights is actually some of the potential underlying vulnerabilities that exist on the actual operating systems on phones." And while the executive said that Facebook would take seriously any allegations that WhatsApp was used to hack Bezos' account, she added that Facebook couldn't comment on an individual story.
Facebook's top policy official Nick Clegg repeated the company line to the BBC when he said, "It sounds like something on the, you know, what they call the operating, the operating, the phone itself. It can't have been, it can't have been anything on the, when the message was sent in transit, because that's end-to-end encrypted on WhatsApp." Clegg tried to get focused and when he did, the Facebook employee continued to move the blame away from WhatsApp. "It's a bit like if someone sends you a malicious email, it only comes to life when you open it," he stated. "I suspect it must have been something like that, so something would have affected the phone operating system."
But when it comes to WhatsApp's end to end encryption, the only thing that it did, according to FTI Consulting's report, was delay further study of the malicious code sent to Bezos. Meanwhile, Apple has refused to comment on the hack of Jeff Bezos' phone.
Last November, WhatsApp sued spyware maker NSO Group accusing the Israeli firm of delivering surveillance software to some WhatsApp users without their knowledge. Facebook said that NSO Group used a vulnerability in the messaging app (since patched) to infect the phone of certain WhatsApp users. NSO Group has denied these allegations and promised to "vigorously fight them" in court.
Things that are NOT allowed: