The technology world was recently rocked by news that the richest man in the world, Jeff Bezos was hacked by Saudi Arabia’s Crown Prince Mohammed bin Salman (MBS)
The news had immense applications for ordinary people like you and I because the hack happened on the popular messaging application, WhatsApp.
The story goes that Bezos and MBS met in the United States in March 2018 and exchanged phone numbers. One month later Bezos was hacked when MBS sent him a video on WhatsApp that contained malicious software. What followed was a regular transfer of hundreds of megabytes of data from Bezos’ phone.
This hack was uncovered by a team of forensic experts hired by Bezos, and corroborated by United Nations investigators who have since called for a larger probe into the saga.
‘‘Immediately upon receiving this video file the phone started behaving in a completely different way from the way it was behaving initially. And one example of this different behaviour is a very large number of data being exfiltrated out of the phone,’‘ Agnes Callamard, UN Special Rapporteur explained.
We spoke to Emmanuel Chagara, the Chief Executive Officer at Milima Security, a cybersecurity firm in Uganda.
We asked him to share with us simple tips we all can use to protect ourselves from being hacked.
‘‘Three things, number one, whenever you hear of an update, please do the update. Very many people are very lazy to update the applications, some of them think it consumes a lot of data, please always be responsible to update your applications. Secondly, when you receive a file from an untrusted source, always ensure that you are asking. It’s important to be paranoid rather than trust everything, so you’d rather ask; why have you sent me this file, what is the content of this file, before you can proceed to download. Sam story with the Jeff Bezos case, he received a video file, he downloaded it and it gained access to his phone and transfered all the information back to his attackers. Third thing is to understand that even when you have protected the application, the phone could still be vulnerable by itself.’‘
We also asked him to what extent technology companies can take responsibility for securing their users’ data.
‘‘The company has to ensure that they have done everything within their power to protect the users’ data. Anything in excess of that, like in a case where your phone is stolen, then you cannot hold the company accountable. But if your phone is hacked remotely because of a weakness that could have been avoided by the vendor, then you can hold the company accountable. So, when you go back to the case of Jeff Bezos, from what I vaguely know, he actually did not have an updated version. So, WhatsApp can easily argue their case by saying we had a newer version. If you had updated it, your phone would not be vulnerable to that hack. So, companies have their own responsibilities, governments are holding them accountable but we also have our part to play. It’s a joint collaboration.’‘