Jeff Bezos might be (much) wealthier than you, but he’s not smarter than you—at least, not when it comes to basic smartphone security. As you probably read and laughed at (and then sighed at, after you looked up how much Bezos makes each minute), Saudi Crown Prince Mohammed bin Salman recently sent Bezos a video file via WhatsApp. This file actually “contained malware that penetrated Bezos’s mobile phone and exfiltrated a large amount of data within hours,” describes The Guardian.
While most people might not find themselves the subject of a direct cybersecurity attack by a suspected friend, the ease with which Bezos was suckered is jarring, but not surprising. It’s also a great reminder to never forget one of the most important security steps you can use to shield yourself from malware attacks. Ready?
Don’t open or download files you didn’t ask for
That’s it. Easy. Well, not so easy. If some random phone number or internet stranger sends you a file to look at, avoiding it shouldn’t take a lot of willpower. You’d be a sucker to load random files or videos you receive, especially if they’re accompanied by a sketchy-sounding message.
When a friend—especially a new friend—sends you something to view, like a seemingly innocent, funny video, I understand why you might drop your guard and open it up. What reason would they have to hit you with malware, after all? And where would they have gotten that malware? And isn’t that a funny-looking cat? Why wouldn’t you want to watch what it does?
It’s difficult to make big security recommendations for situations like these, and saying “Don’t view any videos ever” isn’t realistic. Even suggesting that one platform might be less secure than the other doesn’t help. Bezos’ hacked phone was allegedly an iPhone, not an Android—as you might have first guessed if you assumed that Apple’s mobile platform is unbreachable. The attack vector was apparently WhatsApp itself, as U.N. Human Rights investigators describe:
The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group’s Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials. This would be consistent with other information. For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group.
As The New York Times notes, it’s not even clear whether Bezos opened the video file (and malware) himself, or whether the simple act of receiving it was enough to exploit a vulnerability in WhatsApp. In other words, the simple act of receiving malicious code, buried in an innocent piece of content, is enough. You could do everything you can to not engage with it, but it might not even matter—unless you avoid the message entirely, which is contrary to the point of a messaging app.
Other ways to avoid shitty phone malware
As I said, it’s hard to make sweeping security recommendations that don’t, in some way, impact the basic ways you interact with apps, services, and your friends. I’m not going to say “Don’t ever open a video file ever again,” because that’s silly. If you’re sent something unsolicited, avoid it, but if a friend messages you a video on WhatsApp, what should you do?
Real talk: You’re probably safe to open files like these in most cases. If there was some huge malware epidemic surging across WhatsApp, Signal, or whatever messaging service you fancy, you would hear about it—trust me. These one-off attacks are unlikely to be launched by your good friends, and only slightly more likely to be launched by people you recently met and don’t know that well. We’re talking about a 0.01 to 0.05 percent difference, I’d say.
You could opt out of using third-party messaging apps and stick to your phone’s default methods, but that’s a pretty big ask. I talk with my friends equally across Facebook Messenger and regular text messages, for example; cutting out the former isn’t going to work. And some third-party apps, like Signal, give you powerful protections for your daily messaging (via their baked-in end-to-end encryption). Why wouldn’t you want that?
These third-party apps can have issues of their own, but so can your smartphone’s default messaging service. I’m willing to say the latter is likely safer than the former for things like media attachments, but not enough to warrant ignoring any and all content you’re ever sent in a third-party app like WhatsApp. You can’t really do that anyway, short of deleting the app entirely.
What I would do is set up a quick Google alert for whatever messaging service(s) you use most. That way, you’ll stay on top of any news about recently discovered vulnerabilities or issues with the service, which can help you decide whether it’s worth taking a quick break from the service, or switching to a different one until those problems are resolved.
Turn off auto-downloading
One step that might help you out is to turn off any automatic download features your messaging app contains, since auto-downloading is what allegedly ensnared Bezos. In WhatsApp, for example, you have a number of different ways to keep media from automatically being downloaded to your device. While I can’t verify that this would have protected Bezos no matter what, leaving the setting on its auto-downloading default could allow video malware to escape the digital sandbox on iOS and Android.
Track your data use
It’s easy to see if you’re suddenly gobbling up too much cellular data on iOS or Android, which could be a sign that something is amiss on your device, Bezos-style. There isn’t a great way to see how much wifi data your iOS device is demanding, unless you can analyze this via your router, but Android users should be able to do this natively within the operating system (or via a third-party app).
As the Times describes, you’ll want to be on the lookout for an unrealistic increase in how much data your device is shooting out: “In the 24 hours after it was sent, Mr. Bezos’ iPhone began sending large amounts of data, which increased approximately 29,000 percent over his normal data usage.”
If you see sharp increases in your data use, and you haven’t been doing much extra downloading or streaming, consider that malware is a possibility. It’s still a remote possibility, but I might consider grabbing a scanner app or two to see if they can find anything, or even factory-resetting my device (assuming that clears it up).
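If you can pull per-device upload totals from your router, the "sharp increase" check above can be automated. The following is an added example, not part of the original article: the daily byte counts are constructed sample data, and the function name, seven-day window, 1,000 percent threshold and 100 KB baseline floor are all assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample: daily upload totals in bytes for one phone, in the
# shape a router's per-client traffic export might give (assumed format).
SAMPLE_DAILY_UPLOAD = [
    ("day-01", 410_000), ("day-02", 455_000), ("day-03", 430_000),
    ("day-04", 520_000), ("day-05", 390_000), ("day-06", 445_000),
    ("day-07", 430_000),
    ("day-08", 125_130_000),  # sudden surge in outbound data
    ("day-09", 98_000_000),   # surge continues
    ("day-10", 470_000),
    ("day-11", 1_200_000),    # busy but ordinary day (e.g. photo backup)
]


def flag_upload_spikes(daily, window=7, threshold_pct=1000.0,
                       min_baseline=100_000):
    """Return (day, bytes_sent, baseline, pct_increase) for anomalous days.

    The baseline is the median of the last `window` normal days. The median
    resists one-off busy days, and flagged days are kept out of the history
    so a multi-day surge cannot raise the baseline and hide itself.
    `min_baseline` stops a near-idle device from alerting on tiny uploads.
    """
    history, alerts = [], []
    for day, sent in daily:
        if len(history) >= window:
            baseline = max(median(history[-window:]), min_baseline)
            pct = (sent - baseline) / baseline * 100.0
            if pct > threshold_pct:
                alerts.append((day, sent, baseline, round(pct)))
                continue  # do not learn from the anomalous day
        history.append(sent)
    return alerts


if __name__ == "__main__":
    for day, sent, baseline, pct in flag_upload_spikes(SAMPLE_DAILY_UPLOAD):
        print(f"{day}: sent {sent:,} B vs baseline {baseline:,} B (+{pct:,}%)")
```

A flagged day is a prompt to look closer, not proof of malware; a large cloud backup or video upload can trip the same threshold.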