Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Stay on top of the latest market trends
Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.
Sports news worthy of your time
Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.
Tech news worthy of your time
Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.
Get the inside stories
Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Want a daily digest of the top Denver news?
Get a daily digest of the most important stories affecting your hometown with Axios Denver
Want a daily digest of the top Des Moines news?
Get a daily digest of the most important stories affecting your hometown with Axios Des Moines
Want a daily digest of the top Twin Cities news?
Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities
Want a daily digest of the top Tampa Bay news?
Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay
Want a daily digest of the top Charlotte news?
Get a daily digest of the most important stories affecting your hometown with Axios Charlotte
Illustration: Eniola Odetunde/Axios
If Jeff Bezos' phone can be hacked, anyone's can.
Driving the news: Reports emerged this week alleging that Jeff Bezos's iPhone was compromised in 2018 after the Amazon founder and Washington Post owner received a video file in a WhatsApp message sent by Saudi crown prince Mohammed bin Salam (MBS). The news sent tremors through Washington and Silicon Valley.
What happened: According to a forensic report Bezos commissioned and that informed a statement from U.N. human rights officials, soon after Bezos received the message from MBS his phone began transmitting large quantities of data.
- Months later, the billionaire's private messages and photos turned up in the hands of the National Enquirer, which then, according to a statement Bezos published, tried to blackmail him.
- Saudi Arabia has denied any role in hacking Bezos' phone and disputes any involvement by MBS.
Of note: The hack came just months before the killing of journalist Jamal Khashoggi, whose sharp criticisms of the Saudi government ran in Bezos' Washington Post. The CIA concluded that MBS ordered Khashoggi's death.
- Some security experts are questioning the thoroughness of the forensic report's work and its attribution of the attack to MBS, per CyberScoop.
Our thought bubble: Bezos isn't a clueless newbie — he's been online since Amazon opened its website 25 years ago.
- It's not even clear from the forensic report whether he ever clicked on the video.
Background:
- The 2014 Sony Pictures hack exposed the vulnerability of companies to having all their emails and files dumped on the open internet.
- The 2016 hacks of the DNC and the Clinton campaign exposed the similar vulnerability of political organizations.
- Now, it's dawning on executives, managers, and everyday people that, if the richest person on the planet — who is also a veteran technologist — can't protect himself and his data, everyone is vulnerable.
Between the lines: It's one thing to think of cyber-attacks as devious operations against factories and power plants or spammy barrages of suspicious come-ons. In the world the Bezos/MBS caper shows us, the most commonplace and mundane communications are becoming weaponized.
Yes, but: Most of us aren't billionaires and aren't receiving texts from Saudi princes. If we're not as important as Bezos, maybe we won't be targeted.
- That thinking represents one version of what experts call "security through obscurity" — and it makes sense, up to a point.
- The comfort it offers, though, is hardly reliable, and only applies while the tools for targeting individuals remain costly. Most software gets cheaper over time.
Winners: Nobody.
Losers:
- WhatsApp, the service owned by Facebook. WhatsApp originated as a privacy-oriented, fully encrypted messaging channel, and it was initially embraced by activists and dissidents. But it's not looking very secure right now.
- NSO Group, the Israel-based security firm whose Pegasus tool is cited by the forensic report as the most likely culprit in the Bezos hacking. Saudi Arabia is widely believed to have used NSO software to spy on Khashoggi and other critics, and Facebook has sued the company for its role in hacking hundreds of people's phones through WhatsApp. NSO, which has tried to pivot toward human rights over the last year, "unequivocally" denies its software played any role.
- The Saudis, who may find a lot of their messages sitting unread in recipients' inboxes.
- Friends of the Saudis, including Jared Kushner, who is widely reported to be WhatsApp pals with MBS, and President Trump, whose casual approach to smartphone security has troubled security experts going back to the administration's early days.
The bottom line: For business and government leaders realizing that their counterparts can hack their phones, it's not just their own data that's at risk. Everyone they communicate with needs to worry now, too — and the idea that it's even possible to have a private "high-level conversation" over the internet looks quaint.
Go deeper: The hack heard round the world (Pro Rata podcast)