Jeff Bezos's phone was hacked; what does this say about the relationships we have with our phones? Roy Akerman, VP, Cybereason, discusses.
The richest man on earth has been hacked. The iPhone X hack of Jeff Bezos has been hitting the news and grabbing attention from all over the world. This incident shows us how easily foreign countries can hack into mobile devices and their motives for doing so, whether it be for extortion or to control newspaper agendas.
The thin line between business and private life and data puts on display how vulnerable business seniors and high-ranking officials are, all because of the inherent cross-contamination on mobile devices. This is why hackers are so interested in mobile devices, and also exactly why officials do not want to allow IT or security to control it.
But there are bigger lessons hidden within this incident and the amount of public interest it generates. Why do the most powerful politicians, celebrities, and C-Levels in the world refrain from protecting their phones, which hold many of their secrets? Why do we?
We believe, “It will not happen to me.”
This is distinctly tied to other successful hacks of celebrity and government-owned mobile devices, like the recent claim that Boris Johnson was hacked. These incidents spread like wildfire, as society’s natural curiosity kicks in and we consume any information we can on the latest scandal. This only serves to further fuel our own personal fears of our susceptibility to these kinds of attacks, even though we take little action to prevent it.
I don’t necessarily believe Bezos should have to avoid mixing his business and private life on the same device. This is the whole point of having a powerful tool in our hands: to be able to do almost anything anywhere. What makes me stop and consider is that, even when the technologies to stop mobile threats are at hand, the powerful still choose not to use them and stay vulnerable.
During my past life as chief of cyber security operations, I learned about this paradox firsthand. A senior official had been hacked because they didn’t protect their devices. They claimed that they had business and personal data on their laptop that was so sensitive that they had to prevent anyone from seeing it. They would not even allow a security or IT team to secure it, and they paid for it.
That incident happened during the reign of laptops and traditional endpoints. Now, however, mobile devices have taken over. They have become more than just a data carrier, and conveniently house our photos, banking information, flight data, personal notes, schedules, all of our business and personal contacts, our identification, and more.
Jeff Bezos is the perfect example of this, who multitasked on his WhatsApp account to simultaneously chat about foreign policy with Mohammed Bin Salman and intimately communicate with his lover.
We have become desensitized to mobile device threats thanks to a series of colliding factors. Mobile device companies work very hard to make us feel comfortably secure. They try to push our attention away from the security issues that arise by releasing tons of updates constantly.
Meanwhile, they push away security companies that try to get deep insight into the OS and device level, so they don’t have to worry about exposing more vulnerabilities and losing the trust of the public.
Simultaneously, our collective belief that no one would be interested in our data is ever present. It’s hard for us to believe that someone is interested in spending the time and effort to hack our device in a way that will have a big impact on our lives or on our company.
We must break the optimism bias to the device that holds our entire life, corporate and personal. The attack on Jeff Bezos could have been prevented, even with a simple tool that monitors and flags excessive use of the network upstream or battery life. Do you have these tools on your device?