The big lesson from the Bezos hack: Anyone can be a target

PROVIDENCE, R.I. — You may not think you’re in the same league as Jeff Bezos when it comes to being a hacking target. Probably not, but you — and just about anyone else, potentially including senior U.S. government figures — could still be vulnerable to an attack similar to one the Amazon founder and Washington Post owner apparently experienced.

Two U.N. experts this week called for the U.S. to investigate a likely hack of Bezos’ phone that could have involved Saudi Arabian Crown Prince Mohammed bin Salman. A commissioned forensic report found with “medium to high confidence” that Bezos’ iPhone X was compromised by a video MP4 file he received from the prince in May 2018.

Bezos later went public about the hack after the National Enquirer tabloid threatened to publish Bezos’ private photos if he didn’t call off a private investigation into the hacking of his phone. It’s not clear if those two events are related. The Saudis have denied any involvement in the purported hack.

The events could potentially affect U.S.-Saudi relations. On Friday, Sen. Ron Wyden, an Oregon Democrat, said he is asking the National Security Agency to look into the security of White House officials who may have messaged the crown prince, particularly on personal devices. Jared Kushner, a White House aide and President Donald Trump’s son-in-law, is known to have done so using WhatsApp.

Wyden called reports of the Bezos hack “extraordinarily ominous” and said they may have “startling repercussions for national security.”

But they could resonate at the personal level as well. As the cost of hacking falls while opportunities to dig into people’s online lives multiply, more and more people are likely to end up as targets, even if they’re not the richest individuals in the world.

Ultimately, that boils down to a simple lesson: Be careful who you talk to — and what you’re using to chat with them.

“People need to get out of the mindset that nobody would hack them,” said Katie Moussouris, founder and CEO of Luta Security. “You don’t have to be a specific target or a big fish to find yourself at the mercy of an opportunistic attacker.”

WhatsApp, owned by Facebook, is generally considered a secure way of trading private online messages because it scrambles messages and calls with encryption so that only senders and recipients can understand them. What many people may not have realized is that it, like almost any messaging service, can act as a conduit for malware.

That encryption, however, is no help if a trusted contact finds a way to use that connection to break into the phone’s operating system. In fact, an infected attachment can’t be detected by security software while it’s encrypted, and apps like WhatsApp don’t scan for malware even once files are decrypted.

WhatsApp users can disable the automatic downloading of photos, videos and other media, which happens by default unless the user takes action.

Other messaging apps are likely also vulnerable. “It just so happens that this one was a vulnerability in WhatsApp,” said JT Keating, of Texas-based security firm Zimperium. “It could have been in any one of any number of apps.”

UC Berkeley cybersecurity researcher Bill Marczak cautions that no concrete evidence has yet been presented to show the Saudi video was malicious, and that it might be premature to jump to broader conclusions about it. Many other security experts have also questioned the forensics report on which U.N. officials are basing their conclusions.

But Marczak said it is generally good advice to “always be on the lookout for suspicious links or messages that sound too good to be true.”

Even caution about avoiding suspicious links might not be good enough to ward off spyware — especially for high-profile targets like dissidents, journalists and wealthy executives. Hackers-for-hire last year took advantage of a WhatsApp bug to remotely hijack dozens of phones and take control of their cameras and microphones without the user having to click anything to let them in.

In such cases, said Marczak, “there doesn’t need to be any interaction on the part of the person being targeted.”
