Facebook has blamed Apple’s operating system for the hacking of Amazon Founder and CEO Jeff Bezos’ phone, saying WhatsApp’s end-to-end encryption is unhackable.
Investigators believe that Bezos’s iPhone was compromised after he received a 4.4MB video file containing malware via WhatsApp – in the same way when phones of 1,400 select journalists and human rights activists were broken into by Pegasus software from Israel-based NSO Group last year.
In an interview to the BBC last week, Facebook’s Vice President of Global Affairs and Communications, Nick Clegg, said it wasn’t WhatsApp’s fault because end-to-end encryption is unhackable and blamed Apple’s operating system for Bezos’ episode.
“It sounds like something on the, you know, what they call the operate, operated on the phone itself. It can’t have been anything on the, when the message was sent, in transit, because that’s end-to-end encrypted on WhatsApp,” Clegg told the show host.
Clegg compared the hack to opening a malicious email, saying that “it only comes to life when you open it”.
According to a report from FTI Consulting, a firm that has investigated Bezos’ phone, after that the video file was received, Bezos’ phone started sending unusually large amounts of outbound data, including his intimate messages with his girlfriend Lauren Sanchez.
According to Clegg, “something” must have affected the phone’s operating system.
“As sure as you can be that the technology of end-to-end encryption cannot, other than unless you have handset, or you have the message at either end, cannot be hacked into,” he was quoted as saying.
Apple was yet to comment on Facebook’s statement.
The NSO Group has denied it was part of Bezos’ hacking.
WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages. But the piece of NSO Group software exploited WhatsApp’s video calling system by installing the spyware via missed calls to snoop on the selected users.
According to leading tech policy and media consultant Prasanto K. Roy, end-to-end encrypted apps (E2EE) do provide security, and messages or calls cannot be intercepted and decrypted en route without enormous computing resources.
“But once anyone can get to your handset, whether a human or a piece of software, the encryption doesn’t matter anymore. Because on your handset, it’s all decrypted,” Roy told Indian Media recently.