A forensic analysis shows that a sophisticated attack on Jeff Bezos’ iPhone X gave full access to both his photos and messages.

While iOS is far better protected against malware than Android, iPhones are not immune, especially to sophisticated, targeted attacks.

Background

The National Enquirer ran a series of posts in which it said it had evidence of an affair between Bezos and former Fox anchor Lauren Sanchez. The tabloid published what it says were text messages between the two of them, and said in a now-deleted post that it also had lewd selfies.

Enquirer owner American Media, Inc., was the subject of a Washington Post investigation into its role in helping Trump silence a former Playboy model who wanted to tell her story of an affair with Trump. AMI subsequently admitted to buying the exclusive rights to her story and then not running it, thus keeping it out of the media during Trump’s presidential election campaign.

Bezos, who owns the Washington Post, said AMI tried to pressure him into ending its investigation and making a false statement that there was nothing to it. He decided to go public ahead of the Enquirer coverage.

Saudi Arabia’s crown prince Mohammed bin Salman was said to be behind the attack, subsequently sharing information with AMI, in order to apply pressure to end Washington Post investigations into possible involvement in the 2018 murder of journalist Jamal Khashoggi.

Several days ago, an AMI leader advised us that Mr. Pecker is ‘apoplectic’ about our investigation. For reasons still to be better understood, the Saudi angle seems to hit a particularly sensitive nerve.

A few days after hearing about Mr. Pecker’s apoplexy, we were approached, verbally at first, with an offer. They said they had more of my text messages and photos that they would publish if we didn’t stop our investigation […]

In the AMI letters I’m making public, you will see the precise details of their extortionate proposal: They will publish the personal photos unless Gavin de Becker and I make the specific false public statement to the press that we ‘have no knowledge or basis for suggesting that AMI’s coverage was politically motivated or influenced by political forces.’

Jeff Bezos iPhone X hack

Analysis by cybersecurity company FTI Consulting found that malware was embedded into a video file sent to Bezos from a WhatsApp account belonging to the Saudi crown prince, reports the New York Times.

It’s not known whether Bezos opened the file; some malware can run without any user interaction.

The video, a file of more than 4.4 megabytes, was more than it appeared, according to a forensic analysis that Mr. Bezos commissioned and paid for to discover who had hacked his iPhone X. Hidden in that file was a separate bit of code that most likely implanted malware that gave attackers access to Mr. Bezos’ entire phone, including his photos and private communications.

The United Nations yesterday said the malware used points to Saudi Arabia.

That lawsuit alleged that NSO facilitated spying on more than 1,000 WhatsApp users.

The Saudi government denies any involvement, but the UN says there is sufficient evidence to begin a criminal investigation.

The alleged hacking of Mr. Bezos’s phone, and those of others, demands immediate investigation by US and other relevant authorities, including investigation of the continuous, multi-year, direct, and personal involvement of the Crown Prince in efforts to target perceived opponents.