No wonder Bezos is fuming.
6GB of exfiltrated data? That'll cost him hundreds of dollars, even if he's on AT&T's cheapest plan.
Poor guy.
I'm setting up a GoFundMe, anyone care to chip in?
The Crown Prince of Saudi Arabia, Mohammad bin Salman, has been officially fingered as the man responsible for hacking Amazon CEO Jeff Bezos’s iPhone X, causing a massive stir in diplomatic circles. Following a report yesterday that Bezos’s smartphone had been compromised by a malware-poisoned video sent directly by bin Salman …
cell-phone more when one is in command of everything
It's entirely possible that he has more than one phone... (yes, yes, I know - stretching the bounds of possibility, I know. But even the Orange One has more than one phone and he's only the POTUS and a pauper compared to Bezos. In fact, the only thing I think OO exceeds Bezos in is the number of wives/mistresses he's cheated on...)
I agree. Almost all my phone usage happens when I'm on wifi, so I use very little data most of the time.
As far as noticing it, most carriers in the US offer "unlimited" plans that throttle after a couple dozen GB. If 6 GB was spit out it wouldn't even change his bill - not that he's looking at his bills or whoever does would ask him about excess usage costing an extra $20 or whatever.
Not much of a surprise when you consider that a couple of years back MBS arrested a good portion of his family, dozens of ministers and ex-ministers and the premier of Lebanon; he also purloined the funds belonging to most of the arrestees, having accused all of them of being corrupt. All of this mostly to consolidate his position.
I suppose after this post I should avoid countries with very large beaches.
Saudi politics still doesn't beat Iran's for oddness. When Mahmoud Ahmadinejad was President (I'm not going to lie - I had to look up the spelling) he had a bit of a falling out with the Supreme Leader. Not too major as both are from the most authoritarian wings of the state, meaning things had to be kept in bounds - so the move made was to charge one of his ministerial allies with Sourcery. Not something you see on a charge sheet every day.
I don’t think the series really hits its stride with Wyrd Sisters. After which it’s consistently excellent right up until the not really finished final book. My favourite early one is probably Pyramids. Others disagree though and suggest people start with Mort.
I seem to remember one of the charges against King Charles I was "mischiefs", the little scamp. Still not a patch on sourcery though.
It should be noted that the Saudi government invested in the Hacking Team via the shell company Tablem after the Hacking Team data breach to keep the company from going bankrupt (and that they had attempted, unsuccessfully, to buy the company outright prior to that - kudos to El Reg - https://www.theregister.co.uk/2015/09/28/saudi_arabia_hacking_team/ ).
As Khashoggi showed, the Saudis will stop at nothing to exact revenge on whomever they feel like.
"Facebook recently sued NGO Group over its Pegasus software"
I'm assuming this was the spell checker? It's NSO group. Incidentally, as they aren't exactly hiding that they have this malware, I'm surprised and displeased their company hasn't been raided by law enforcement with a raft of computer abuse charges.
We don't think anyone would be stupid enough to use their own kit to transmit malicious content.
So the prince was obviously framed.
But nobody would be stupid enough to try to frame somebody by using somebody's equipment to transmit malicious content, so it is obviously not that either.
They think we aren't smart enough to realize that it must have been the prince in the first place.
Seriously though: Bezos is heading back to the mobile phone business. Pointing out a security flaw in the iPhone is his opening salvo. Expect new Saudi-safe Kindle phones in your favorite Amazon store within the month. The product logo will be a keffiyeh with a red line running diagonally from bottom left to upper right inside a red circle. Possibly a cruise missile will figure somewhere inside the logo as well, but I'm told (by the little voice inside my head) Bezos' team hasn't fully committed to it yet.
I doubt anybody who would be in a position to know the Crown Prince's mobile number, and who possessed more than 2 brain cells, would dare hack the Crown Prince's phone. That's how you end up in a shallow grave in a wadi somewhere...
It would be like hacking Putin's phone or Xi's. An invitation to a large shortening of your life expectancy.
So assuming that it came from the Crown Prince, or that he at least approved of the sending, it shows an amazing level of arrogance. He had to understand that eventually it would be found out, but he obviously doesn't care about any possible repercussions.
he obviously doesn't care about any possible repercussions
Well - he knows full well that Trump isn't exactly Bezos' friend (especially as Bezos isn't a dictator known to have killed off lots of people[1] - that seems to be the sure-fire way to get Trump fawning on you).
[1] Except, of course, via workplace injuries in Amazon warehouses. But, since that's due to neglect and indifference rather than deliberate action it doesn't count.
It's also a mistake to assume the powerful know or care much about OPSEC. It's pretty common for people in power to trip themselves up by using personal devices. Even when they try to do it properly, they often achieve decent security in one area but screw it up in another (as with El Chapo, for example), or use a mechanism that fails under a different mode of investigation (as with Petraeus).
An annex [PDF] accompanying the UN assessment suggests the spyware was supplied to Saudi Arabia by the NSO Group in the form of surveillanceware called Pegasus*. ... NSO, at least, has denied any involvement.
Well, they would, wouldn't they.
* Pegasus ...... "invasive software from NSO Group, a secretive Israeli security firm that is being sued by WhatsApp's owner, Facebook, over allegations that it compromised users' accounts." ....... Tales of Sticky Shenanigans and Dastardly Deeds?:-)
Constant yearnings for exponential learnings is IT not?
Nothing would shock or surprise anymore about what seems to be accepted prima facie follies when the masses simply meander into mass mind controlled clickbait, simply more mass media manipulation malware merchandise monitoring for market manipulation advantage undoubtedly.
Well there are some interesting coincidences in that it was the National Enquirer who had the videos and weren't publishing them but trying to get some sort of agreement out of Bezos. And of course it was also the National Enquirer who were allies of Trump buying up the stories of women that had alleged they'd slept with him, then not publishing them. Which may turn out to be a breach of campaign finance law.
So there are some interesting coincidences at least - if nothing more sinister.
And neither the Crown Prince or Trump like the Washington Post, for different reasons.
However, I'd not get involved in a conspiracy with Trump - given that he's not exactly either competent or discreet. But on t'other hand, Bin Salman and his cronies aren't exactly what I'd call exemplars of competence either...
Yes, there's no need for a conspiracy here. Everyone acting according to their inclinations explains the involvement of MBS and the National Enquirer just fine. I'm sure Trump would have approved, and they may have tipped him off that something along these lines was happening, but there was no reason to let him know the details.
I don't even think there was much of a plan here. MBS has a collection of hacking toys from NSO Group and Hacking Team, and decided to play with them by seeing if he could steal info from Bezos. He or a toady skimmed over it, found the embarrassing material, and forwarded it to someone (possibly David Pecker at AMI, possibly Dylan Howard at the Enquirer), who decided to try to pressure Bezos. But it turned out Bezos was running short of fucks to give that day.
Bezos not only cheated on his wife, he cheated her out of a fair divorce settlement - she only got $35b while his net worth is still $115b.
We are all super-rich in IT, so it's understandable that a poor Arab kid working at his dad's petrol station would try to hack us to expose our moral failings.
$35B is not cheating. Plus $115B may be hard to monetize or transfer. Also, it may not have been in her best interest. Let me explain: If you transfer 50% ownership of a company it leads to a transfer of power, board seats issues etc. leaving you a company with a different management.
It is better to get the $35B and have Bezos grow it as the company's valuation grows.
And cheating on your wife or husband? Do you know how many people cheat in the US? Women cheat as much as men. It is not a crime, misdemeanor, or even a minor violation.
I read all the report and I found it very interesting.
I don't understand however how it was possible through whatsapp, sending the video via "an encrypted downloader hosted on WhatsApp’s media server".
I mean, what's the difference between directly sending an mp4 file and sending it via this encrypted downloader?
This is what VICE writes (and report too):
"They did not find any malicious code embedded in the video file, but discovered that the video was delivered via an encrypted downloader hosted on WhatsApp’s media server."
Thanks for an explanation
This is what VICE writes (and report too):
Hiya. First, this is El Reg and so we can't quote Vice (or the Daily Mail) as a source.
Ta for your thanks for an explanation. The "encrypted downloader" is a red herring. Any good hacking tool can remove traces of itself from the version it leaves behind. Blame Ken Thompson.
They did find an encrypted payload within the file - which they could not decrypt in order to ascertain if it was malicious. What is the probability that it was not benign? The encrypted nature of the final delivery mechanism was irrelevant.
"...but it seems an encrypted blob of code in the 4MB video file was able to run spyware on the phone, presumably via a software flaw. The team was unable to decrypt the payload."
Oh ok, so you are saying that:
1) The video file was crafted to contain the video itself + a small other (malicious) encrypted file
2) The video file, upon being received, was able (how?) to split itself into 2 files (clean video file and encrypted payload) and execute the payload.
3) The video itself, after splitting, turned out clean to forensic tools
Is that correct?
However, I still don't get what "downloader hosted on WhatsApp’s media server" is supposed to mean. Are they just describing the infected payload crafted into the video file? It is a bit misleading to me.
CVE-2019-11931:
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.
As @Red Ted comments, once the exploit/remote code execution runs it can do all manner of things - including removing traces of itself. The question is why that encrypted part was left if some clean-up was performed. Could simply be an oversight - known to happen. As for why that part was encrypted - less chance of detection than if it were unencrypted code that could be fingerprinted/detected.
Alternatively, could also leave some useful malicious code in encrypted form on the victim's device that can be accessed when required by other exploits/attacks, avoiding the need to download that code (again) and thereby reducing the chance of detection.
"However, I still don't get what "downloader hosted on WhatsApp’s media server" is supposed to mean. Are they just describing the infected payload crafted into the video file? It is a bit misleading to me."
In itself, it doesn't mean much; they're just stating where the file came from. It does indicate that it was not retrieved from an attacker-controlled location, and therefore that it is not possible to track that location to identify the attacker. Not much more detail comes from this one observation, but it is relevant information to understanding what happened.
The report states "It should be noted that the encrypted Whatsapp file sent from MBS' account was slightly larger than the video itself". The 'downloader' is just a file containing the original video (and maybe more?). The video now is 4.22MB. We aren't told how much 'slightly larger' the encrypted file is, but they can't decrypt it because presumably the session key has long been discarded or actively purged by the malware. Possibly the original video was larger and contained exploit+malware that has since cleaned itself.
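The CVE text above (a length-trusting parser of MP4 metadata) and the observation that the transmitted file was "slightly larger than the video itself" both come down to the same low-level question: do the box sizes declared inside the file agree with the bytes actually present? The following is an added example, not code from the thread, the UN report or WhatsApp: a bounds-checked walk over the top-level MP4 boxes ("atoms") that refuses any box whose declared size would run past the buffer (the check a careless parser omits) and reports bytes left over after the last well-formed box, which is one cheap way to flag a file carrying more than its video. The two sample inputs are constructed for the example; no real MP4 or malware sample is involved.

```c
/* Added example, not from the thread: bounds-checked MP4 top-level box walk.
 * Each box begins with a 4-byte big-endian size and a 4-byte type; size 1
 * means a 64-bit size follows the type, size 0 means "to end of file". */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    size_t boxes;      /* number of well-formed top-level boxes seen */
    size_t trailing;   /* bytes not covered by any well-formed box */
    int    malformed;  /* 1 if a declared size was inconsistent with the buffer */
} mp4_scan_t;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static uint64_t be64(const uint8_t *p) {
    return ((uint64_t)be32(p) << 32) | be32(p + 4);
}

/* Walk the buffer box by box, never advancing past what is actually present. */
mp4_scan_t mp4_scan(const uint8_t *buf, size_t len) {
    mp4_scan_t r = {0, 0, 0};
    size_t off = 0;
    while (len - off >= 8) {
        uint64_t size = be32(buf + off);
        size_t hdr = 8;
        if (size == 1) {                       /* extended 64-bit size */
            if (len - off < 16) { r.malformed = 1; break; }
            size = be64(buf + off + 8);
            hdr = 16;
        } else if (size == 0) {                /* box extends to end of buffer */
            size = len - off;
        }
        /* The checks a length-trusting parser skips: the box must at least
           cover its own header and must not run past the end of the data. */
        if (size < hdr || size > (uint64_t)(len - off)) { r.malformed = 1; break; }
        r.boxes++;
        off += (size_t)size;
    }
    r.trailing = len - off;
    return r;
}

/* Constructed sample: a minimal 'ftyp' box, a 12-byte 'mdat' box, then five
   bytes that no box accounts for (stand-in for a file that is "slightly
   larger" than its video data). */
static const uint8_t SAMPLE_WITH_TRAILING[] = {
    0x00,0x00,0x00,0x10, 'f','t','y','p', 'i','s','o','m', 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x0c, 'm','d','a','t', 0xde,0xad,0xbe,0xef,
    0x01,0x02,0x03,0x04,0x05
};

/* Constructed sample: a 'moov' box whose declared size far exceeds the buffer,
   the shape of input a bounds check must reject before any copying happens. */
static const uint8_t SAMPLE_OVERSIZED[] = {
    0x7f,0xff,0xff,0xff, 'm','o','o','v', 0x00,0x00,0x00,0x00
};

mp4_scan_t scan_sample_with_trailing(void) {
    return mp4_scan(SAMPLE_WITH_TRAILING, sizeof SAMPLE_WITH_TRAILING);
}

mp4_scan_t scan_sample_oversized(void) {
    return mp4_scan(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED);
}

static void report(const char *name, mp4_scan_t r) {
    printf("%s: boxes=%zu trailing=%zu malformed=%d\n",
           name, r.boxes, r.trailing, r.malformed);
}

int main(void) {
    report("with-trailing", scan_sample_with_trailing());
    report("oversized", scan_sample_oversized());
    return 0;
}
```

The walker only inspects top-level boxes; a real parser descends into 'moov' and validates every nested length the same way, because the overflow class named in the CVE lives in exactly those inner metadata structures. Trailing bytes on their own are not proof of anything (encoders and editors do leave padding), but together with a size mismatch against the sender's original they are the kind of discrepancy worth preserving in a forensic image before the phone is touched further.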
Wow, to be so terrified of the truth that one would fling and cling to lies is a an Early Sure Sign of Real Trouble with Mental Health Issues which can Easily Deliver Madness and Mayhem.
The Flip Side of that on a Parallel Course is Share Genius and Utility.
Which do you think the Better Best Bet for the Future? Surely the Flip Side must be the Firm Favourite and a Worthy Runaway Winner.
"They also call for greater controls over 'the unconstrained marketing, sale and use of spyware' and a 'moratorium on the global sale and transfer of private surveillance technology.'"
I see their point but, honestly, I'd rather have some way of seeing, in clear, some vague approximation of what the current state of the art is in surveillance tech, rather than let ALL advances in it be done in government agency black projects without any reasonable chance of oversight.
...or am I being naive?
Perhaps everyone read the article and understands the bug was in a third-party app?
I think Apple's security is overrated by many (most?) users, but they're in the clear on this one. Unless you think they should do more extensive vetting of everything in the app store,[1] which is a position one could argue, but doesn't seem economically feasible.
[1] Say, by requiring apps be submitted as source, which Apple would run through static analysis and then build and deploy to the store. That's technically feasible but probably not a viable business model, since it would be resource-intensive for Apple and would meet resistance from app developers.