What Jeff Bezos Can Teach You About Smartphone Security
Jeff Bezos may be (much) richer than you, but he’s no smarter than you – at least when it comes to basic smartphone protection. As you’ve probably read and laughed about (and then sighed when you looked at how much Bezos makes every minute), Saudi Arabia’s Crown Prince Mohammed bin Salman recently sent Bezos a video via WhatsApp. This file actually “contained malware that infiltrated Bezos’s mobile phone and dumped a large amount of data over the course of several hours,” as The Guardian describes.
While most people may not be the target of a direct cybersecurity attack from a supposed friend, the ease with which Bezos got suckered is frustrating but unsurprising. It’s also a great reminder of one of the most important security steps you can take to protect yourself from malware attacks. Ready?
Don’t open or download files you haven’t asked for
That’s it. Easy. Well, it’s not quite that simple. If some random phone number or a stranger from the Internet sends you a file to view, it doesn’t take a lot of willpower to avoid it. You shouldn’t download random files or videos that you receive, especially if they are accompanied by a sketchy-sounding message.
When a friend – especially a new friend – sends you something to watch, such as a seemingly innocent, funny video, I understand why you might let your guard down and open it. After all, why would they attack you with malware? And where would they get this malware? And isn’t that a funny cat? Why not see what it does?
In such situations, it is difficult to give detailed safety recommendations, and it is unrealistic to say “Never watch a video.” Even the assumption that one platform may be less secure than another does not help. Bezos’s compromised phone is said to have been an iPhone, not an Android – as you might have guessed if you assumed that Apple’s mobile platform could not be compromised. The attack vector was apparently WhatsApp itself, as UN human rights investigators describe:
Forensic analysis showed that the invasion was likely to have been undertaken using a known spy product identified in other surveillance cases in Saudi Arabia, such as the NSO Group’s Pegasus-3 malware, a product that was widely reported to have been acquired and deployed by Saudi Arabian officials. This is consistent with other information. For example, the use of WhatsApp as a platform to install Pegasus on devices has been well documented and has been the subject of a Facebook / WhatsApp lawsuit against the NSO Group.
As noted by The New York Times, it is not even clear whether Bezos opened the video file (and malware) himself, or whether simply receiving it was enough to exploit the vulnerability in WhatsApp. In other words, the simple act of receiving malicious code hidden in an innocent piece of content can be enough. You can do your best not to interact with it, but it might not even matter – unless you avoid messages entirely, which defeats the purpose of a messaging app.
Other ways to avoid crappy phone malware
As I said, it is difficult to provide general security guidelines that do not in any way affect the basic ways you interact with applications, services, and your friends. I’m not going to say, “Never open a video file again,” because that’s silly. If you are sent something unsolicited, avoid it, but if a friend sends you a video on WhatsApp, what should you do?
Real talk: Most of the time, you can probably safely open such files. If there were a huge malware epidemic on WhatsApp, Signal or any other messaging service, you would hear about it – trust me. These one-off attacks are unlikely to be initiated by good friends of yours, and only slightly more likely to be initiated by people you recently met and don’t know very well. I would say that we are talking about a difference of 0.01 to 0.05 percent.
You can opt out of using third-party messaging apps and stick with your phone’s default methods, but that’s a tricky proposition. I talk to my friends both ways, for example via Facebook Messenger and regular text messages; dropping the former will not work. And some third-party apps like Signal provide powerful protection for your daily messaging (with built-in end-to-end encryption). Why wouldn’t you want that?
These third-party apps may have their own issues, but so may your smartphone’s default messaging service. I’m willing to say that the latter is probably safer than the former for things like media attachments, but not by enough to justify ignoring any and all content you’re ever sent on a third-party app like WhatsApp. In any case, you cannot do this unless you uninstall the application completely.
I would set up a quick Google Alert for whatever messaging services you use the most. This way, you will be aware of any recent vulnerabilities or problems with the service, which will help you decide whether to take a short break from the service or switch to another until these problems are resolved.
Disable auto-download
One setting that might help you, and one that was allegedly a factor for Bezos, is your messaging app’s auto-download feature: turn it off. For example, on WhatsApp, you have several different ways to prevent media from automatically downloading to your device. While I can’t verify that this would have protected Bezos, either way, with the default auto-download setting left on, video malware can get out of the digital sandbox on iOS and Android.
Track data usage
It’s easy to see if you are suddenly consuming too much cellular data on iOS or Android, which could be a sign that something is wrong with your device, Bezos-style. There is no great way to find out how much Wi-Fi data your iOS device uses unless you can analyze it through your router, but Android users should be able to do this natively in the operating system (or through a third-party app).
As the Times’ reporting shows, the thing to watch for is an implausible increase in the amount of data transmitted by your device: “24 hours after shipment, Mr. Bezos’s iPhone began sending large amounts of data, an increase of about 29,000 percent over his typical data usage.”
If you see a dramatic increase in data usage and you haven’t been doing a lot of extra downloading or streaming, consider malware as a possible cause. This is still a remote possibility, but I might consider grabbing a scanner app or two to see if they can find anything, or even performing a factory reset on my device (assuming that clears it up) …
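The data-usage check described above can be automated if you can export a per-device daily upload counter, for example from your router. The following is an added example, not part of the original article: the function names, the seven-day window, the 1,000 percent threshold and the sample figures are all assumptions constructed for illustration.

```python
from statistics import median

def percent_increase(value, baseline):
    """Percent increase of value over baseline; None if there is no usable baseline."""
    if baseline <= 0:
        return None
    return (value - baseline) / baseline * 100.0

def flag_egress_spikes(daily_sent_bytes, window=7, threshold_pct=1000.0):
    """Return (day_index, bytes_sent, pct_increase) for each day whose upload
    volume exceeds the median of the previous `window` normal days by more
    than threshold_pct. Flagged days are kept out of the baseline so that a
    multi-day exfiltration does not become the new 'normal'."""
    history, alerts = [], []
    for day, sent in enumerate(daily_sent_bytes):
        recent = history[-window:]
        if len(recent) == window:  # only judge once a full baseline exists
            pct = percent_increase(sent, median(recent))
            if pct is not None and pct > threshold_pct:
                alerts.append((day, sent, round(pct)))
                continue  # do not learn from anomalous days
        history.append(sent)
    return alerts

# Constructed sample: bytes uploaded per day by one phone (not real measurements).
KB = 1024
SAMPLE = [
    410 * KB, 455 * KB, 390 * KB, 520 * KB, 430 * KB, 445 * KB, 400 * KB,  # normal week
    470 * KB,        # ordinary variation, stays below the threshold
    129_495 * KB,    # sudden jump: 29,000 percent over the rolling median
    89_445 * KB,     # still far above baseline on the following day
    415 * KB,        # back to normal
]

if __name__ == "__main__":
    for day, sent, pct in flag_egress_spikes(SAMPLE):
        print(f"day {day}: {sent / KB:,.0f} KB sent, +{pct:,}% over baseline")
```

A median baseline is used instead of a mean so that one heavy but legitimate day (a large photo backup, say) does not shift what counts as typical.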