However, as evidenced by a copy I obtained from FTI Consulting's security official, who was responsible for conducting an investigation ordered by Jeff Bezos himself, the evidence so far is circumstantial and there is not much certainty.
The researchers had created a safe laboratory to examine the iPhone X of Jeff Bezos, but they could not find any kind of malware on it. All they found was a suspicious video file that was sent to Jeff Bezos via WhatsApp on May2018.
The reason the video was indexed as suspicious is that the amount of data sent over the phone immediately after the video was received is very high and it has not returned to normal.
According to the investigation, Bezos iPhone usually had a data output of 430 KB per day, which is normal for mobile, however, hours after receiving the video, the data output increased to 126MB and maintained an average of 101MB per day during subsequent months.
The video sent by Muhammad bin Salman
Although the report does not clarify the tool that was used to penetrate the Jeff Bezos mobile phone and that caused its data leakage, it is mentioned that advanced spyware programs such as Pegasus for NSO Group or Galileo of Hacking Team are able to take advantage of legitimate applications and operations in a compromised device to bypass detection About the data and its infiltration as in the iPhone Jeff Bezos phone.
All the results of digital forensics, in addition to a broader investigation and intelligence, led the investigators to assess that the Bezos phone had been compromised by tools obtained by Saud Al-Qahtani, a friend and advisor close to Muhammad bin Salman.
Although the suspicious file was received through WhatsApp and downloaded automatically, it cannot be said that it actually represents a security vulnerability in WhatsApp.
The researchers did not find malicious code in the video file, although they discovered that the video was delivered through an encrypted download tool hosted on WhatsApp servers. However, due to the end-to-end encryption that the messaging app uses, they find it impossible to decrypt the contents of the messaging app to determine if it contains malicious code.
0 Comments