Skip to main content

PSA: Never open a WhatsApp message from the crown prince of Saudi Arabia

PSA: Never open a WhatsApp message from the crown prince of Saudi Arabia


Learn from Jeff Bezos’ mistake

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

A photo of an iPhone running WhatsApp.
Photo by Thomas Ricker / The Verge

Bay Area! I’ll be talking with Anna Wiener about Uncanny Valley, her brilliant new memoir of a life in tech, on February 4th at Manny’s in San Francisco. It’s our second-ever Interface Live event, and it would mean the world to me if you came to say hello and talk tech and democracy with us. Get your tickets here!

Some days, when you write a column about the latest interactions between big tech platforms and the government, you try to make a meticulous and layered argument based on a series of nuanced observations about the world. Other days, you just write down a bunch of facts and say — wait, what?!

The past 24 hours have been a wait, what?! sort of day.

It has been just under a year since Amazon CEO Jeff Bezos shocked the world with a Medium post disclosing that he had been the subject of an extortion attempt, hired the best person in the world to investigate it, and promised to get to the bottom of it. The story’s elements included an extramarital affair, family betrayal, stolen nudes, and the crusading reporting of the Washington Post, which Bezos owns. Within days, a hefty amount of circumstantial evidence hinted that the government of Saudi Arabia — and its crown prince, Mohammed bin Salman, were likely involved in the scheme.

Then, on Tuesday afternoon, the Guardian published a bombshell: a forensic examination conducted at Bezos’ request by the FTI Consulting found that his phone had most likely been hacked in 2018 after he received a WhatsApp message from a personal phone number belonging to MBS himself. Stephanie Kirchgaessner reports:

The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world’s richest man, according to the results of a digital forensic analysis.

This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.

The report was subsequently confirmed by the Financial Times and New York Times, and , and Vice published the full report from FTI. Among other things, the report suggests that MBS was attempting to intimidate Bezos, months before a Post columnist — MBS critic Jamal Khashoggi — was brutally murdered on the crown prince’s orders, according to the CIA.

The United Nations has called for further investigation related to the Khashoggi murder, in which MBS continues to deny his involvement. Here’s Jared Malsin, Dustin Volz and Justin Scheck in the Wall Street Journal.

“The circumstances and timing of the hacking and surveillance of Bezos also strengthen support for further investigation by U.S. and other relevant authorities of the allegations that the Crown Prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul,” the officials said in a statement based on their review of the forensic analysis.


“At a time when Saudi Arabia was supposedly investigating the killing of Mr. Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr. Bezos and Amazon targeting him principally as the owner of The Washington Post,” Ms. Callamard and Mr. Kaye said.

Some threads.

Is the case against MBS being behind the hack open and shut? On one hand, there’s no smoking gun. On the other, no one has proposed a credible-sounding alternate culprit. The gist is that after MBS’ WhatsApp account sent Bezos a video file, Bezos’ phone went crazy and started transmitting an enormous amount of data:

That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented “study of the code delivered along with the video.”

Investigators determined the video or downloader were suspicious only because Bezos’ phone subsequently began transmitting large amounts of data. “[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter,” the report states.

Still, information security types aren’t satisfied with the FTI report, arguing that someone with access to the phone and the malicious file should be able to find direct evidence that it was the culprit. See Alex Stamos on this point.

What malware was used in the attack? What vulnerabilities were exploited? Could my phone be hacked in the same way? We don’t know, we don’t know, and we don’t know, respectively.

OK, but who made the malware used in the attack? Probably one of those shadowy hacker-for-hire outfits. The FTI report “suggested that the Tel Aviv-based NSO Group and Milan-based Hacking Team had the capabilities for such an attack,” Sheera Frenkel reports in a Times piece about the hack. NSO Group denied it; Hacking Team didn’t respond.

Is this the craziest series of events ever to befall the CEO of a major tech platform? Yes and it’s not even close.

What was the best tweet about all this? Oh, probably Jake Tapper’s.

Second place goes to Jeff Bezos.

The crown prince of Saudi Arabia has recently sent me a message on WhatsApp. Should I open it? Absolutely not. And probably stay out of his embassies, too.

The Ratio

Today in news that could affect public perception of the big tech platforms.

🔽 Trending down: Apple dropped plans to let iPhone users fully encrypt backups of their devices in iCloud after the FBI complained that the move would harm investigations. The tech giant’s reversal, which happened about two years ago, shows how much Apple has been willing to help US law enforcement despite casting itself as a defender of customer information.


Facebook and Twitter have evidence that could save people from prison, but they’re reluctant to give it up. They argue that the Stored Communications Act forbids them from divulging the content of communications unless a specific exemption applies. Megan Cassidy from the San Francisco Chronicle reports:

Facebook and Twitter provide online portals specifically for law enforcement to request information during emergencies and investigations. Government officials armed with search warrants routinely collect private user messages to help win convictions.

Defendants and their attorneys have no such recourse. In addition to the legal firewalls, Facebook also requires defense counsels to deliver subpoenas in person to their Menlo Park headquarters or to an authorized agent.

Critics are worried that Facebook’s fact-checking partners aren’t getting the resources they need to adequately address misinformation. The six partners tasked with evaluating content in the US are all growing their staff, but so far it hasn’t been enough to quell fears. (Chris Mills Rodrigo / The Hill)

Facebook has allowed a major pro-Trump Super PAC, the Committee to Defend the President, to run ads with lies. Some of the ads claim former Vice President Joe Biden is “a criminal who used his power as Vice President to make him and his son RICH.” Who’s excited for 11 more months of this? (Popular Information)

Facebook has made serious improvements to election security ahead of the caucuses next month, the company argues in a new op-ed in the Des Moines Register. The changes include opening rapid-response centers to monitor suspicious activity on the platform, and growing the security teams.

Voters in the Seattle area will be able to vote by smartphone in an upcoming election. It’s a historic moment for American democracy. But security experts warn that while mobile voting could increase turnout, it could also make the system much more vulnerable to a cyberattack. Yikes! (Miles Parks / NPR)

Amazon and Facebook each spent roughly $17 million on lobbying efforts in 2019. The new federal disclosures tell a story of a sector tapping its deep pockets to beat back regulatory threats and boost its bottom line. (Tony Romm / The Washington Post)

Presidential candidate Mike Bloomberg said breaking up tech companies “is not an answer.” He added that he doesn’t think Sens. Elizabeth Warren (D-MA) and Bernie Sanders (I-VT) “know what they’re talking about” when it comes to breaking up big tech companies. He also did not offer “the answer.” (Makena Kelly / The Verge)

While Apple may not provide official support to law enforcement agencies to access iPhones, police departments across the US already have the ability to crack mobile devices. They often use third-party companies to unlock and access information on encrypted mobile devices (including iPhones) at a relatively low cost. (Michael Hayes / OneZero)

There’s been very little consistency in how companies are complying with California’s new privacy law. Some have incorrect information on their websites about how the law affects them and consumers. Others lack a clear process to respond to customers who request their data. (Greg Bensinger / The Washington Post)

Joshua Collins, a 26-year-old socialist trucker running for Congress in Washington State, is leveraging TikTok in a new kind of political campaign. (Makena Kelly / The Verge)

San Francisco Pride members voted to ban Google and YouTube from their parade. They say the company isn’t doing enough to stop hate speech on its platforms. (Shirin Ghaffary / Recode)

City officials in Suzhou, a city of six million people in eastern China, sparked outrage online when they published surveillance photos of residents wearing pajamas in public. The people in the photos were identified with facial recognition software, and officials called their behavior “uncivilized.” (Amy Qin / The New York Times)

Britain unveiled sweeping new online protections for children’s privacy. The rules will require platforms like YouTube and Instagram to turn on the highest possible privacy settings by default for minors, and turn off by default data-mining practices like targeted advertising and location tracking for children in the country. (Natasha Singer / The New York Times)


ByteDance is seeking a new CEO for TikTok. The massively popular video app has come under fire from American politicians who worry that it might present a national security threat. Bloomberg’s Kurt Wagner and Sarah Frier have the story:

The company has interviewed candidates in recent months for the CEO role, which would be based in the U.S., according to people familiar with the matter, who asked not to be named because the search is private. In one potential scenario, the new CEO would oversee TikTok’s non-technical functions, including advertising and operations, while current TikTok chief Alex Zhu would continue to manage the majority of product and engineering out of China, one person said. The hiring process is ongoing and the envisioned role could still change depending on who is selected, the people added.

Zhu, who co-founded a predecessor to TikTok called, took over the business last year, though ByteDance also has a Chinese version of TikTok called Douyin, which is run by a different management team. The eventual corporate structure involving Zhu and the new CEO is still unclear, the people said, and Bytedance has hired executive search firm Heidrick & Struggles to help lead the process.

Researchers at Stanford have developed a new metric to track the time people spend on their devices. They say it’s more accurate than “screen time,” which treats all time spent online as more or less equal. (Will Oremus / OneZero)

Google launched three new experimental apps to help people use their phones less as part of a “digital wellbeing” initiative. One of the apps invites people seal their devices in a phone-sized paper envelope, similar to the pouches some artists require fans to put their phones into at concerts. No thanks! (Jay Peters / The Verge)

Small businesses are posting about the difficulties of competing with Big Tech, and the messages are going viral on social media. Sometimes, that virality has kept the businesses afloat. Other times, it’s made things harder. (Input)

Some of the biggest companies in the world are funding climate misinformation by advertising on YouTube, according to a study from activist group Avaaz. More than 100 brands were found to be running ads on videos that were promoting misleading information about climate change. (Alex Hern / The Guardian)

British telecom company Vodafone just quit the Facebook-founded Libra Association, the latest company to do so after PayPal, Mastercard, Visa, Mercado Pago, eBay, and Stripe left last year. I can’t remember the last time Libra got any good news. (Nikhilesh De / Coindesk)

Bonus industry content: The former director of newsletters at The New Yorker and BuzzFeed interviewed Casey about the making of this newsletter.

And finally...

The president’s impeachment trial is underway in the Senate, and rules prohibit senators from bringing electronic devices onto the floor. And yet seven senators have been spotted wearing their Apple Watches:

Republican Sens. Mike Lee of Utah, John Thune of South Dakota, Jerry Moran of Kansas, James Lankford of Oklahoma, John Cornyn of Texas and Tim Scott of South Carolina all are wearing them on the floor. Also spotted with the smartwatch: an aide to Senate Majority Leader Mitch McConnell.

So, too, is Democratic Sen. Patty Murray of Washington. Virginia Democratic Sen. Mark Warner owns an Apple Watch, but it could not be confirmed if he had it on the floor.

It should be pretty easy to tell. Just wait to see if he stands up 10 minutes before every hour.

Talk to us

Send us tips, comments, questions, and your unopened messages from the Saudi prince: and