Cyber security experts cast doubt on a report accusing Saudi Arabia’s Crown Prince Mohammed bin Salman of hacking into the cellphone of Amazon founder and Washington Post owner Jeff Bezos, saying it had not found any hard evidence.
The allegation, swiftly denied by the Saudi government, was made in a report by Washington-based consultancy FTI Consulting which concluded with “medium to high confidence” that Bezos’s iPhone X was compromised via malware they allege originated from a video sent by the Crown Prince to Bezos on May 1, 2018.
The FTI Consulting report, originally published in November, was picked up on Wednesday by UN special rapporteurs, Agnes Callamard and David Kaye, who said in a statement that they were “gravely concerned” by its findings.
Cyber security experts questioned FTI Consulting’s conclusions, saying the report was not based on a thorough forensic examination.
“The details really matter here and the public reporting falls short of any real firm smoking gun,” iPhone security expert and CEO of Guardian Firewall Will Strafach was quoted as saying by The Associated Press.
The FTI Consulting report was commissioned by Bezos and originally published in November last year.
Experts noted that the report published by the UN rapporteurs said that no known malware was detected on Bezos’s phone when it was tested. Furthermore, they pointed to the statement in the report that said: “Initial results did not identify the presence of any embedded malicious code” after analysis of what they called the “suspect video file”.
While Strafach noted that it was possible that if Bezos was hacked and that the hackers could have deleted all the evidence, the report did not show that any malware was actually on the phone.
An additional puzzling element was FTI Consulting’s inability to analyze the contents of the “encrypted downloader”, known as an .enc file, through which the video was transmitted.
Bill Marczak, senior researcher at the Citizen lab at University of Toronto, told The Medium: “It is possible to decrypt the contents of an .enc file from WhatsApp, given a forensic extraction of the phone, of the type that FTI mentions they performed.”
Spikes in traffic
Central to the FTI Consulting’s claim of foul play was a spike in data traffic from Bezos’ phone almost immediately after he reportedly received the video sent by the Crown Prince. The data traffic, including photos, text messages, and emails, lasted for months, according to FTI Consulting.
Alex Gantman, Head of Product Security Engineering at Qualcomm, tweeted that the observed baseline in FTI Consulting’s graph showing spikes in traffic “seems unrealistically low, raising questions about log validity”.
“This report is pretty bad and only serves to lower (if not wholly erode) my confidence in claimed conclusions,” Gantman said on Twitter.
Calls for further investigation
Saudi Arabia’s embassy in the United States responded to the allegations on Wednesday by describing them as “absurd” and calling for an investigation.
“Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos’ phone are absurd. We call for an investigation on these claims so that we can have all the facts out,” the embassy said on its official Twitter page.
Saudi Arabia’s Foreign Minister Prince Faisal bin Farhan said that the statement of the UN special rapporteurs contained “no hard evidence to substantiate the claims it's making.”
The publication of the UN rapporteur statement, coming two months after the FTI Consulting report, appeared to be a political move designed to give new momentum to the allegations, according to a source close to the Saudi government said.
“It could be that this will actually have the opposite effect, because their statement only served to highlight the absence of any hard evidence in the original report,” he said, asking not to be named.