Apple prides itself on the iPhone’s state-of-the-art security system, but researchers suggest that is what allowed for the attack on Amazon CEO Jeff Bezos’ smartphone.
The tech giant controls the operating system and because nearly every iPhone is running on the same version, a sophisticated attacker finds a single vulnerability they can penetrate any phone– even high profile individuals.
Apple believes less visibility into the system means fewer bugs will be discovered, allowing it to stay more secure – so the firm is very secretive about the code.
In Bezos’ case, hackers likely exploited a series of bugs Apple had overlooked that let them bypass all the layers of the ‘phone’s considerable defenses’, according to The Washington Post.
Experts are now suggesting ‘VIP and special people’ trade in their iPhones for a custom Android smartphone, because although it may have more vulnerability, it allows professionals to find and fix them.
Scroll down for video
Apple prides itself on the iPhone’s state-of-the-art security system, but researchers suggest that is what allowed for the attack on Amazon CEO Jeff Bezos’ (pictured) smartphone. In Bezos’ case, hackers likely exploited a series of bugs Apple had overlooked make their was through all the layers of the ‘phone’s considerable defenses
News surfaced last week that Bezos’ iPhone X was hacked in 2018 after he received a malicious WhatsApp message from the crown prince of Saudi Arabia, months before the National Enquirer exposed his affair.
According to forensic examination of the phone afterwards, the message was sent on May 1, 2018.
Within hours, a large amount of data from Bezos’ iPhone was extracted.
Apple has long been against letting security researchers bypass security restrictions to peer into the operating system in order to sniff out vulnerabilities that may have gone unnoticed.
However, security researchers are trying new ways to work around Apple’s gridlock to determine whether iPhones have been hacked.
News surfaced last week that Bezos’ iPhone X was hacked in 2018 after he received a malicious WhatsApp message from the crown prince of Saudi Arabia (pictured), months before the National Enquirer exposed his affair. Within hours of the receiving the message, a large amount of data from Bezos’ iPhone was extracted
Zec Ops, a two-year-old cybersecurity firm, focuses on helping on companies and high-profile individuals.
Customers are asked to hook their iPhone up to a computer or kiosk that uploads data logs to a server, so Zec Ops employees can see what is going inside the technology.
HOW THE ‘HACK’ UNFOLDED
September 2017: David Pecker, the publisher of AMI, reportedly meets Mohammed bin Salman
April 2018: The crown prince attends a dinner in Hollywood hosted by producer Brian Grazer where he meets Jeff Bezos
May 1: The video is sent from the prince’s phone to Bezos’ via WhatsApp
October 2018: Washington Post columnist Jamal Khashoggi is murdered by Saudi regime
January 2019: The National Enquirer publishes its expose on Bezos’ affair with Lauren Sanchez
March 2019: Bezos’ private investigator Gavin De Becker says he has proof Saudi Arabia hacked Bezos’ phone – Saudi Arabia denies it
January 2020: The Guardian reports that the prince’s message was the source of the hack. A UN report comes to the same conclusion
Zuk Avraham, co-founder and CEO of Zec Ops, that to the untrained eye, the logs look like jumbled computer code.
But for those proficient in the technology, it provides clues that a hacker may have left at the scene.
After analyzing tens of thousands of phones, Avraham says he estimates 2 to 3 percent of them showed possible indicators of attacks.
‘Apple is doing a relatively great job at securing those devices,’ Avraham said.
But breaking into one remotely ‘is still within the capabilities of a talented individual.’
Researchers are also using the process called ‘jailbreaking’, which requires them to physically install new software onto the smartphone.
However, Apple has noted time and time again, that doing so violates a federal law known as the ‘Digital Millennium Copyright Act.’
Google, on the other hand, seems to believe the more the eyes the better.
The firm has given the public access to its operating system, allowing them to look for flaws that may have otherwise never been found.
It also allows researchers to use virtual Android devices.
When researchers are able to penetrate an iPhone’s iOS and find flaws, they actually hide their findings from Apple.
When researchers are able to penetrate an iPhone’s iOS (stock) and find flaws, they actually hide their findings from Apple. They are concerned that Apple will immediately ‘patch’ them’ and prevent these experts from conducting further testing
They are concerned that Apple will immediately ‘patch’ them’ and prevent these experts from conducting further testing.
The Washington Post also noted that the ‘black market for iPhone bugs has flourished’ and these individuals are offering their hacking abilities to the government, or anyone who is willing to pay.
The United Nations issued a report last week suggesting that the malicious that malicious spyware created by Israeli company NSO Group may have been used by Saudi Arabia to hack Jeff Bezos’ phone and steal his nude selfies.
The UN high commissioner for human rights suggested that NSO Group’s Pegasus spyware was the ‘most likely’ explanation for data that was stolen from Bezos’ phone.
The report notes that the Saudi Royal Guard acquired the Pegasus-3 spyware from NSO Group in a November 2017 contract.
The U.N. experts said Bezos’ phone hacking occurred during a period in which the phones of two close associates of Jamal Khashoggi were also hacked, allegedly using the Pegasus malware.