Illustration: Eniola Odetunde/Axios

If Jeff Bezos' phone can be hacked, anyone's can.

Driving the news: Reports emerged this week alleging that Jeff Bezos's iPhone was compromised in 2018 after the Amazon founder and Washington Post owner received a video file in a WhatsApp message sent by Saudi crown prince Mohammed bin Salam (MBS). The news sent tremors through Washington and Silicon Valley.

What happened: According to a forensic report Bezos commissioned and that informed a statement from U.N. human rights officials, soon after Bezos received the message from MBS his phone began transmitting large quantities of data.

  • Months later, the billionaire's private messages and photos turned up in the hands of the National Enquirer, which then, according to a statement Bezos published, tried to blackmail him.
  • Saudi Arabia has denied any role in hacking Bezos' phone and disputes any involvement by MBS.

Of note: The hack came just months before the killing of journalist Jamal Khashoggi, whose sharp criticisms of the Saudi government ran in Bezos' Washington Post. The CIA concluded that MBS ordered Khashoggi's death.

  • Some security experts are questioning the thoroughness of the forensic report's work and its attribution of the attack to MBS, per CyberScoop.

Our thought bubble: Bezos isn't a clueless newbie — he's been online since Amazon opened its website 25 years ago.

  • It's not even clear from the forensic report whether he ever clicked on the video.

Background:

  • The 2014 Sony Pictures hack exposed the vulnerability of companies to having all their emails and files dumped on the open internet.
  • The 2016 hacks of the DNC and the Clinton campaign exposed the similar vulnerability of political organizations.
  • Now, it's dawning on executives, managers, and everyday people that, if the richest person on the planet — who is also a veteran technologist — can't protect himself and his data, everyone is vulnerable.

Between the lines: It's one thing to think of cyber-attacks as devious operations against factories and power plants or spammy barrages of suspicious come-ons. In the world the Bezos/MBS caper shows us, the most commonplace and mundane communications are becoming weaponized.

Yes, but: Most of us aren't billionaires and aren't receiving texts from Saudi princes. If we're not as important as Bezos, maybe we won't be targeted.

  • That thinking represents one version of what experts call "security through obscurity" — and it makes sense, up to a point.
  • The comfort it offers, though, is hardly reliable, and only applies while the tools for targeting individuals remain costly. Most software gets cheaper over time.

Winners: Nobody.

Losers:

  • WhatsApp, the service owned by Facebook. WhatsApp originated as a privacy-oriented, fully encrypted messaging channel, and it was initially embraced by activists and dissidents. But it's not looking very secure right now.
  • NSO Group, the Israel-based security firm whose Pegasus tool is cited by the forensic report as the most likely culprit in the Bezos hacking. Saudi Arabia is widely believed to have used NSO software to spy on Khashoggi and other critics, and Facebook has sued the company for its role in hacking hundreds of people's phones through WhatsApp. NSO, which has tried to pivot toward human rights over the last year, "unequivocally" denies its software played any role.
  • The Saudis, who may find a lot of their messages sitting unread in recipients' inboxes.
  • Friends of the Saudis, including Jared Kushner, who is widely reported to be WhatsApp pals with MBS, and President Trump, whose casual approach to smartphone security has troubled security experts going back to the administration's early days.

The bottom line: For business and government leaders realizing that their counterparts can hack their phones, it's not just their own data that's at risk. Everyone they communicate with needs to worry now, too — and the idea that it's even possible to have a private "high-level conversation" over the internet looks quaint.

Go deeper: The hack heard round the world (Pro Rata podcast)

Go deeper

Updated 1 hour ago - Science

Texas and Louisiana face fresh flood threat from Tropical Storm Beta

Tropical Storm Beta slowly approaching the Texas coast on Monday. Photo: National Weather Service/Twitter

Tropical Storm Beta was dumping heavy rains over Texas as it churned its way inland overnight, bringing the risk of "life-threatening storm surge" and flooding to parts of the state and Louisiana, the National Hurricane Center said.

What's happening: The slow-moving storm was causing coastal flooding along areas including the bays near Houston and Galveston in Texas Monday, per the National Weather Service. Texas Gov. Greg Abbott (R) made a disaster declaration and Louisiana Gov. John Bel Edwards (D) declared a state of emergency Monday.

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 3 a.m. ET: 31,328,238 — Total deaths: 964,839— Total recoveries: 21,503,496Map.
  2. U.S.: Total confirmed cases as of 3 a.m. ET: 6,857,967 — Total deaths: 199,884 — Total recoveries: 2,615,949 — Total tests: 95,841,281Map.
  3. Health: CDC says it mistakenly published guidance about COVID-19 spreading through air.
  4. Media: Conservative blogger who spread COVID-19 misinformation worked for Fauci's agency.
  5. Politics: House Democrats file legislation to fund government through Dec. 11.
  6. World: U.K. upgrades COVID alert level as Europe sees worrying rise in infections — "The Wake-Up Call" warns the West about the consequences of mishandling a pandemic.

Louisville police declare state of emergency as Breonna Taylor decision looms

A demonstrator holds up a sign of Breonna Taylor during a protest in Louisville, Kentucky. Photo: Brandon Bell/Getty Images

The Louisville police chief declared in a memo obtained by news outlets a "state of emergency" for the department on Monday to prepare for Kentucky Attorney General Daniel Cameron's expected announcement on the Breonna Taylor case.

Of note: Louisville has witnessed more than 115 days of protests over the police killing of Taylor, an unarmed Black woman, with calls for all the officers involved to be charged.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!