Was Jeff Bezos’ iPhone hacked by the Saudi Crown Prince? UN panel seeks probe

UN human rights experts have expressed grave concern and have sought "an immediate investigation by US and other relevant authorities" into the hacking of Amazon CEO Jeff Bezos' iPhone by Saudi Crown Prince Mohammad Bin Salman through a malware sent via WhatsApp.

In a press release published earlier today, the United Nations Human Rights Commission stated that two experts appointed by the Human Rights Council can confirm with "medium to high confidence" that Jeff Bezos' iPhone was hacked through a spyware-laced message sent by the Saudi Crown Prince via WhatsApp in May 2018.

Agnes Callamard, UN Special Rapporteur on summary executions and extrajudicial killings, and David Kaye, UN Special Rapporteur on freedom of expression, said that malware sent by the Saudi Crown Prince to Bezos was similar to the NSO Group's Pegasus-3 malware, the use of which has also been identified in other Saudi surveillance cases.

YOU MAY ALSO LIKE:

"The information we have received suggests the possible involvement of the Crown Prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia," the experts said.

"The allegations reinforce other reporting pointing to a pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities, including nationals and non-nationals. These allegations are relevant as well to ongoing evaluation of claims about the Crown Prince's involvement in the 2018 murder of Saudi and Washington Post journalist, Jamal Khashoggi.

"The alleged hacking of Mr. Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities, including investigation of the continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents," they added.

Saudi Crown Prince hacked Jeff Bezos' iPhone when Saudi authorities were surveilling Jamal Khashoggi

They noted that the use of Israeli firm NSO Group's Pegasus spyware to Saudi authorities is a concrete example of "the harms that result from the unconstrained marketing, sale and use of spyware" and that it "underscores the pressing need for a moratorium on the global sale and transfer of private surveillance technology."

"The circumstances and timing of the hacking and surveillance of Bezos also strengthen support for further investigation by US and other relevant authorities of the allegations that the Crown Prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul," they added.

A forensic analysis of Jeff Bezos' iPhone last year revealed that the spyware was hidden inside an MP4 video sent by the Crown Prince to the Amazon chief via WhatsApp on 1 May 2018. After the spyware was installed, it exfiltrated massive amounts of data from the iPhone to a remote server for several months and the data egress continued at as much as 106,032,045 percent higher than the pre-video data egress baseline for Mr. Bezos' phone of 430KB.

In October 2019, Facebook filed a lawsuit against NSO Group, alleging that the latter used WhatsApp servers located in the United States and elsewhere to infect approximately 1,400 mobile devices with malware to carry out surveillance of "Target Users".

According to security experts, the surveillance software installed by hackers in target devices was Pegasus, a well-known piece of spyware that features a number of surveillance capabilities that include capturing screenshots, keylogging, live audio capture, browser history exfiltration, email exfiltration from Android’s Native Email client, and exfiltration of contacts and text messages from devices.

According to researchers, Pegasus is also capable of exfiltrating messaging data from commonly-used applications such as WhatsApp, Skype, Facebook, Twitter, Viber, and Kakao and can self-destruct if an antidote file exists in an infected device or if it has not been able to check in with the servers after 60 days of infiltration.

MORE ABOUT: