Friday February 28, 2020
Home Lead Story Social Networ...

Social Networking Giant Facebook Blames Apple iOS for Bezos’ Phone Hacking

WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages

0
//
Social Media, Facebook, Authenticity, Posts
The social media application, Facebook is displayed on Apple's App Store, July 30, 2019. VOA

Facebook has blamed Apple’s operating system for the hacking of Amazon Founder and CEO Jeff Bezos’ phone, saying WhatsApp’s end-to-end encryption is unhackable.

Investigators believe that Bezos’s iPhone was compromised after he received a 4.4MB video file containing malware via WhatsApp – in the same way when phones of 1,400 select journalists and human rights activists were broken into by Pegasus software from Israel-based NSO Group last year.

In an interview to the BBC last week, Facebook’s Vice President of Global Affairs and Communications, Nick Clegg, said it wasn’t WhatsApp’s fault because end-to-end encryption is unhackable and blamed Apple’s operating system for Bezos’ episode.

“It sounds like something on the, you know, what they call the operate, operated on the phone itself. It can’t have been anything on the, when the message was sent, in transit, because that’s end-to-end encrypted on WhatsApp,” Clegg told the show host.

Clegg compared the hack to opening a malicious email, saying that “it only comes to life when you open it”.

According to a report from FTI Consulting, a firm that has investigated Bezos’ phone, after that the video file was received, Bezos’ phone started sending unusually large amounts of outbound data, including his intimate messages with his girlfriend Lauren Sanchez.

Jeff Bezos
Jeff Bezos, Amazon founder and owner of Blue Origin. (Wikimedia commons)

According to Clegg, “something” must have affected the phone’s operating system.

“As sure as you can be that the technology of end-to-end encryption cannot, other than unless you have handset, or you have the message at either end, cannot be hacked into,” he was quoted as saying.

Apple was yet to comment on Facebook’s statement.

The NSO Group has denied it was part of Bezos’ hacking.

Also Read: Here Are Some Life Lessons That We Can Learn From Freedom Fighters this Republic Day

WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages. But the piece of NSO Group software exploited WhatsApp’s video calling system by installing the spyware via missed calls to snoop on the selected users.

According to leading tech policy and media consultant Prasanto K. Roy, end-to-end encrypted apps (E2EE) do provide security, and messages or calls cannot be intercepted and decrypted en route without enormous computing resources.

“But once anyone can get to your handset, whether a human or a piece of software, the encryption doesn’t matter anymore. Because on your handset, it’s all decrypted,” Roy told IANS recently. (IANS)

Next Story

Facebook Files Lawsuit Against Data Analytics Firm For Using User’s Data

Facebook sues data analytics firm for harvesting users' data

0
Facebook
Facebook has filed a federal lawsuit in California court against New Jersey-based data analytics firm OneAudience for secretly harvesting its users' data. Pixabay

Stung by the Cambridge Analytica scandal, Facebook has filed a federal lawsuit in California court against New Jersey-based data analytics firm OneAudience for secretly harvesting its users’ data.

According to the lawsuit, OneAudience improperly accessed and collected user data from Facebook and other social media companies by paying App developers to install a malicious Software Development Kit (SDK) in their apps.

“After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” read the lawsuit. Security researchers first flagged OneAudience’s behaviour to Facebook as part of its data abuse bounty programme.

Facebook
According to the lawsuit, OneAudience improperly accessed and collected user data from Facebook and other social media companies. Pixabay

Facebook, and other affected companies, then took enforcement measures against OneAudience.

“Facebook’s measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate,” said Jessica Romero, Director of Platform Enforcement and Litigation. “This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she added.

In November last year, Facebook and Twitter admitted that data of hundreds of users was improperly accessed by some third-party apps on Google Play Store as they logged into those apps.

Security researchers discovered that the One Audience and Mobiburn software development kits (SDK) provided access to users’ data, including email addresses, usernames, and recent tweets, on both the platforms.

Twitter and Facebook said they will notify those whose information was likely shared through apps.

Facebook has sued several third-party platforms in the recent past for scrapping users’ data, including Israeli surveillance vendor NSO Group that sells malicious software Pegasus to government agencies.

Also Read- Drivers of Expensive Cars More Dangerous to Pedestrians

“Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy,” said the company. (IANS)