Learning about Smartphone Security from the Jeff Bezos Hack

Amazon founder Jeff Bezos may be wealthier than you but he sure isn’t smart enough – at least, when it comes to basic smartphone security.

You must have read recently that Saudi Crown Prince Mohammed bin Salman sent Bezos a video file through WhatsApp which actually contained malware “that penetrated Bezos’s mobile phone and exfiltrated a large amount of data within hours“, as revealed by The Guardian.

While most people will shrug off the possibility of being targeted for a hack, the ease with which Bezos was suckered into the act wasn’t unsurprising. It’s also a great reminder about certain security steps.

Don’t access unsolicited files

Yep, that’s as simple as it gets. Not so easy, though. If a random phone number or a stranger sends you a file to examine, avoiding it shouldn’t be a tough call. You’ll be a sucker if you do.

When a friend, especially recently-added, sends you something to view, it might not appear suspicious. You’ll wonder why they would target you for a hack.

General prohibition of video viewing is unwise. It’s also not worth criticising Android because Bezos was allegedly using an iPhone. The attack vector was apparently WhatsApp itself. UN Human Rights investigators describe it as follows:

The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group’s Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials. This would be consistent with other information. For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group“.

The New York Times notes that it’s still unclear whether or not Bezos actually opened the video himself or mere reception was enough to initiate exploitation. Put simply, just receiving malicious code via apparently normal content in itself could prove damaging.

Other means of protection against malware

You could opt out of third-party messaging apps and stick to your phone’s default settings but that’s a pretty huge demand. Why wouldn’t you want to use different apps for communication?

It’s safe to assume your smartphone’s default messaging service is more secure than third-party apps.

You can setup Google Alerts around apps which you regularly use so you can stay abreast of their latest happenings and incidents. This will help you decide later on whether you’d like to remain logged in an app or discontinue altogether.

Disable auto-downloads

It’s advisable to turn off automatic download features in your messaging app. WhatsApp helps you do this. Leaving the setting on auto-downloads can allow video malware to escape the digital sandbox in Android and iOS smartphones.

Track data use

Too much data consumption on your Android or iOS could be a sign that something isn’t right on your smartphone. Android users can do this natively on their phones.

As the New York Times says, you’ll need to be mindful of unrealistic data consumption by your smartphone: “In the 24 hours after it was sent, Mr. Bezos’ iPhone began sending large amounts of data, which increased approximately 29,000 percent over his normal data usage“.

If you witness such abnormal data usage in your phone, don’t rule out the possibility of a malware infection. Grab a scanner app to detect this malware or try to factory-reset your device.

Click to comment

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To Top