Cyber experts question Bezos’ hack report claims

Amazon founder and Washington Post owner Jeff Bezos seen in this file photo.
Amazon founder and Washington Post owner Jeff Bezos seen in this file photo.

DUBAI — Cyber security experts cast doubt on a report accusing Saudi Arabia of hacking into the cellphone of Amazon founder and Washington Post owner Jeff Bezos, saying it had not found any hard evidence.

The allegation, denied by the Saudi government, was made in a report by Washington-based consultancy FTI Consulting that concluded with “medium to high confidence” that Bezos’s iPhone X was compromised via malware they allege originated from a video sent to Bezos’s Phone.

The FTI Consulting report, originally published in November, was picked up on Wednesday by UN special rapporteurs, Agnes Callamard and David Kaye, who said in a statement that they were “gravely concerned” by its findings.

Cyber security experts questioned FTI Consulting’s conclusions, saying the report was not based on a thorough forensic examination.

“The details really matter here and the public reporting falls short of any real firm smoking gun,” iPhone security expert and CEO of Guardian Firewall Will Strafach was quoted as saying by The Associated Press.

The FTI Consulting report was commissioned by Bezos and originally published in November last year.

Experts noted that the report published by the UN rapporteurs said that no known malware was detected on Bezos’s phone when it was tested.

Furthermore, they pointed to the statement in the report that said: “Initial results did not identify the presence of any embedded malicious code” after analysis of what they called the “suspect video file”.

While Strafach noted that it was possible that if Bezos was hacked and that the hackers could have deleted all the evidence, the report did not show that any malware was actually on the phone.

An additional puzzling element was FTI Consulting’s inability to analyze the contents of the “encrypted downloader”, known as an .enc file, through which the video was transmitted.

Bill Marczak, senior researcher at the Citizen lab at University of Toronto, told The Medium: “It is possible to decrypt the contents of an .enc file from WhatsApp, given a forensic extraction of the phone, of the type that FTI mentions they performed.”

Alex Gantman, head of product security engineering at Qualcomm, tweeted that the observed baseline in FTI Consulting’s graph showing spikes in traffic “seems unrealistically low, raising questions about log validity”.

“This report is pretty bad and only serves to lower (if not wholly erode) my confidence in claimed conclusions,” Gantman said on Twitter.

Saudi Arabia’s embassy in the United States responded to the allegations on Wednesday by describing them as “absurd” and calling for an investigation.

“Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos’ phone are absurd. We call for an investigation on these claims so that we can have all the facts out,” the embassy said on its official Twitter page.

Saudi Arabia’s Foreign Minister Prince Faisal Bin Farhan said that the statement of the UN special rapporteurs contained “no hard evidence to substantiate the claims it's making.”

The publication of the UN rapporteur statement, coming two months after the FTI Consulting report, appeared to be a political move designed to give new momentum to the allegations, according to a source close to the Saudi government said.

“It could be that this will actually have the opposite effect, because their statement only served to highlight the absence of any hard evidence in the original report,” he said, asking not to be named. — Al-Arabiya English