Saudi Arabia ‘paid millions for tools used to crack mobile app’
THE alleged hacking of Jeff Bezos’s mobile phone would represent only the latest in years of efforts from Saudi Arabia to use the world’s most popular messaging app to spy on criminals, dissidents and activists.
Whatsapp has been championed by privacy activists, but criticised by politicians and security services, for its end-to-end encryption, a technology that stops messages being intercepted.
However, its security credentials do not mean the world’s most popular messaging app is bulletproof, with governments and hackers racing to discover and exploit any holes.
According to allegations from human rights organisations such as Amnesty, Israeli reports and researchers at the University of Toronto Citizen Lab, Saudi Arabia has become an enthusiastic owner of hacking tools used to crack Whatsapp, spending millions on software from multiple companies and using it against some of its key targets.
Riyadh has been accused of using malicious software to hack into the phone of Jamal Khashoggi, the murdered dissident, while human rights organisations have claimed the country has used malicious Whatsapp messages to target activists abroad.
Saudi Arabia’s reported attempts to exploit technology for hacking purposes are allegedly directed by Saud al-qahtani, the head of its Federation for Cybersecurity, Programming and Drones, and a confidant of the Crown Prince. In 2016, al-qahtani reportedly obtained a 20 per cent stake in Hacking Team, an Italian hacking company, on behalf of the Saudi government.
According to internal emails published by Wikileaks, Hacking Team had earlier been asked by unnamed potential customers to find a way to infect devices sent via Whatsapp.
Riyadh has also been accused of using software developed by NSO Group, a spyware firm founded by two Israeli technologists. Last year, Whatsapp sued NSO, claiming its technology had been used to send malware to 1,400 phones to read their communications using a security hole it has now patched. NSO’S technology, for which Saudi Arabia paid a reported $55million (£42million) in 2017, was allegedly used to hack Mr Khashoggi’s phone.
An analysis of Mr Bezos’s phone carried out by researchers at FTI Cybersecurity said both NSO and Hacking Team probably possessed tools capable of infecting devices over Whatsapp, but stopped short of directly linking the attack to one of the two groups.
NSO has denied that its technology was used to hack Mr Khashoggi or Mr Bezos’s phone, and has pledged to vigorously fight Whatsapp’s lawsuits.
Security experts said although the Whatsapp video sent to Mr Bezos could not be definitively linked to the hack, it was the most likely cause of it.
Prof Alan Woodward, a University of Surrey cyber security expert, said although vulnerabilities could be found in almost any app, Whatsapp’s popularity made it a popular target.
“When people receive [malicious] files on Whatsapp they trust it; on an email they wouldn’t,” he said.
Whatsapp has not commented on the claims, while Hacking Team could not be reached for comment.