On 1 May 2018, the world’s richest man opened a WhatsApp message sent from the account of Mohammed bin Salman, Saudi Arabia’s crown prince and future king. There would likely have been little reason for Jeff Bezos to treat the message with any suspicion, having met the Saudi monarchy’s heir on multiple occasions and attended a dinner with him just weeks before. The message appeared to be part of a friendly exchange, yet little did Mr Bezos know that the file carried malware, a malicious piece of code which infiltrated his iPhone X and extracted large amounts of his data within a matter of hours. The precise details of the message and its content remain unclear, as does the nature of the data accessed by the hackers. However, it is highly unlikely that this is the first time Bezos has been subject to hacking, given his status as a high-profile target.
The precise motive is also unclear; however, it is thought that relations between the pair soured prior to the murder of Jamal Khashoggi in the Saudi consulate in Istanbul. Khashoggi was a prominent critic of the Saudi status quo and had written several articles for The Washington Post, a publication owned by Bezos, which would have undoubtedly angered Riyadh. The Saudis, meanwhile, deny any wrongdoing, with claims of bin Salman’s direct involvement dismissed as “absurd”. Many details remain unknown, complicated by the fact that the Amazon founder's privacy was compromised further after intimate communications between him and girlfriend Lauren Sanchez were leaked to the National Enquirer, allegedly by Sanchez’s brother.
The issue of online privacy is a particularly sensitive one. In this truly digital age, just how much control do we have over the information stored on our devices? From personal messages to pictures, documents to online banking services, millions of us willingly store confidential and sensitive material on our mobile phones. As such, we are all vulnerable to the consequences when our digital behaviours are exploited. The Bezos case is a fine example of this, and the fact that this happened to the wealthiest man on the planet, a multi-billionaire likely afforded the highest levels of protection, should serve as a wake-up call. Simply put, if the privacy of one of the world's most influential businessmen can be compromised, anyone’s can.
Rightly or wrongly, mobile phones are an integral part of our lives. Beyond the rapid changes these devices have made to the nature of communications, advances in mobile technology have revolutionised the way we consume media, conduct business, and make transactions. The devices are increasingly complex, with a vast array of applications and functions supported by millions of lines of code. Our voluntary submission of personal data helps paint a picture of our daily lives, from the trivial and mundane to the sensitive and intimate. A multitude of third parties now have an unparalleled opportunity to access the wealth of personal details typically stored on a device, often to optimise their functionality or, say, the targeting of their advertising. Equally, this presents an opportunity for those with more nefarious intentions, with a heightened risk of hacking by both criminal and surveillance operators.
There are myriad threats to our data and content beyond a phone being directly hacked, and sadly, there are no quick fixes. For instance, diligently deleting sensitive communications from your device does little to reduce the risks. Should the person at the other end fail to clear the content, it is still very much available for hackers to access and exploit. This is also true of cloud storage services, which store data, messages and media files as a backup across many devices and can be easily infiltrated.
Significant weaknesses exist in various components of the devices. Signals, for instance, can be exploited by surveillance devices known as ‘stingrays’, which mimic mobile phone towers and trick devices into transmitting their location and user identities. Meanwhile, SIM cards are particularly vulnerable to ‘hijacking’, whereby criminals can take over a mobile number and impersonate another user. This method is common in instances of bank fraud, with mobile numbers commonly being used as a means of conducting and authenticating transactions.
Another security concern lies in the collection and usage of geolocation data, which is routinely gathered and stored by mobile phone manufacturers, applications and networks, as well as law enforcement agencies. For many, the notion of government actors monitoring our movements unbeknownst to the public will sound downright Orwellian. The usage of geolocation data was controversially brought to the fore after The New York Times revealed how Google stores location data for hundreds of millions of devices in its Sensorvault database, with records stretching back nearly a decade. Such detailed records make it relatively simple to track the physical movements of an individual, a capability that has been hailed for its potential application in a law enforcement context. It does, however, present a risk of innocent people being caught up in such investigations, and raises questions of morality and the suppression of certain freedoms. Additionally, whilst law enforcement is somewhat constrained in the ways it uses geolocation data by legislative instruments such as warrants, there are no such parameters to prevent criminals and spies exploiting it to target an individual's movements.
Privacy aside, more troubling is the potential for geolocation targeting to be applied in a military context. In 2014, reports surfaced from a former US drone operator that the National Security Agency (NSA) routinely uses SIM card geolocation data as a means of precisely targeting drone strikes and assassinations in its anti-terrorism operations. This report was supported by NSA documents released by whistleblower Edward Snowden, and is perhaps the most disturbing example of how the information stored on mobile devices could be utilised. With human lives at stake, there is zero margin for error.