Published Feb 15, 2020 by Xiph
Jeff Bezos lassoed into the average user’s leaky shoes. What do multiple breaches of the richest man on earth’s personal phone mean for us?
Sound the sirens, as Jeff Bezos’ mobile device has been hacked. The ensuing piece is like something out of an Airport novel and involves a Saudi Prince, The National Enquirer, security flaws in WhatsApp, an execution, a premarital affair and nude photos. And not necessarily in that order.
Let’s start at the beginning. Amazon founder and the wealthiest human alive, Jeff Bezos, commissioned a forensic analysis of his mobile phone only to discover that gigabytes worth of personal data had been pilfered over a period of months. The irony of a tech billionaire whose company is regularly accused of abusing user data, falling prey to such an injustice is not lost on us, but let’s stick with the facts for the moment.
The (un)usual suspect
According to the analysis, the data breach began on May 1, 2018, mere hours after Bezos had exchanged digital pleasantries over WhatsApp with then-new best friend and heir to the Saudi Arabian throne, Crown Prince Mohammed bin Salman. The pair had met and exchanged numbers at a Hollywood dinner hosted by Oscar-winning producer Brian Grazer, during Salman’s tour of the United States. Unfortunately, their friendship was short-lived, as the Bezos-owned The Washington Post reported that Salman’s government was responsible for the execution and dismemberment of veteran Saudi journalist Jamal Khashoggi – both a regular contributor to the publication and an outspoken critic of the Prince’s abuses of power.
What was the message sent by the Prince that preceded the alleged illicit haul of information? The specifics are unknown, but what we do know is that it was a video file (okay…). The analysis reported that it’s “highly probable” that the file contained malware and that “a massive and unauthorized [sic] exfiltration of data from Bezos’ phone began, continuing and escalating for months.” To put the haul in context, the daily average of data uploaded from a device engaged in such exchanges is in the few hundred kilobytes, whereby the amount from Bezos’ phone was in the dozens of gigabytes.
Official statements from Saudi Arabia have explicitly denied any involvement in the breach and requested both the forensic evidence and the identity of the company that conducted the analysis. However, the fact that said company, FTI Consulting, cannot provide conclusive evidence, suggests that the situation might devolve into a stalemate.
Hot Property
This is not the first recent time that Bezos’ personal device has been netted and feasted upon by outside eyes. Only a few months before the breach, tabloid royalty the National Enquirer claimed that Bezos was conducting an extramarital affair with broadcaster and former host of So You Think You Can Dance, Lauren Sanchez, going as far as posting alleged texts and pictures exchanged between the pair. Bezos responded by organising an investigation into the security violation and accusing the Enquirer of carrying it out due to political motivations.
The Enquirer pushed back by what could only be called blackmailing Bezos, threatening by email to release nude photos from his phone unless he ended both the investigation and the public allegations. Bezos one-upped the tabloid rag by publishing the emails and stating that if he “can’t stand up to extortion, how many people can?”
Ignoring the noise
The ins and outs of Jeff Bezos’ personal life are of little interest to us, nor are which pictures of what he’s sending to whom. What does interest us is that a man who runs a company that has been accused of breaking the EU data protection rules, violating the privacy of children and employing thousands of people to comb through user conversations – now has a chance to walk a while in our shoes. Perhaps, if Bezos is as in touch with the average citizen as he claims to be, he will take this opportunity to realise that he and his peers are willingly putting us at increasing risk – for an end that doesn’t, even for even a moment, justify the means. Perhaps it will be realised by someone, at some point, that there are better ways to attract consumers than creating a demand for technologies, apparently laced with booby traps.
Unfortunately, if history is any indication, the richest man in the world isn’t going to modify his output or outlook if it threatens his status as the richest man in the world. The question that then remains is, if a man in Bezos’ position isn’t safe; if a man with his resources and reach cannot protect his phone from outside threats, then how are we expected to secure our own? The answer, it seems, is that we aren’t. In fact, it seems they’re banking on the fact that we don’t.
The answer, the solution, the common sense approach
The silver lining to all of the above is that we can respond to their (in)actions by turning to alternative technologies that DO respect our right to privacy; that take the word ‘security’ seriously instead of tossing it into a marketing campaign as an empty selling point and hoping we don’t look any deeper. Privacy and security-first hardware and software solutions are becoming more popular by the day, as users are realising that you can find equally powerful and user-friendly options that don’t require you to surrender every detail of your digital life upon purchase.
In fact, we wouldn’t be surprised if any day now, Bezos is spotted purchasing a Sovereign OS or Graphene handset and muttering to himself “why didn’t I think of doing this a year ago?”