Most of us already know not to trust emails from a faraway prince promising an unexpected fortune. But, it seems that Amazon boss Jeff Bezos overlooked the warning from IT – the world's richest man got himself into hot water earlier this year after downloading a scam video message from a genuine Saudi prince. Allegations have emerged that Saudi Arabia could be responsible for a hack on Bezos' phone in January, and the subsequent theft of personal data.
The story claims that through the WhatsApp messaging service, a virus was installed on Bezos' phone. This, in turn, allowed private data to be stolen. While WhatsApp hacks of this kind are rare, they're aren't unheard of. In short, it seems that yes, you can get a virus over WhatsApp. But how likely is it to happen to you?
Sure, the rest of us may not have genuine princes in our contact lists. But since anyone could fall for a scam message, we're going to cover some tips to ensure you aren't next.
Can I Get a Virus via WhatsApp?
It's long been thought that phones can't contract the kind of viruses that affect PCs, but no system in infallible, and that includes Android, iOS, and the Facebook-owned WhatsApp. Still, examples of viruses being released through the platform are relatively rare, even if smartphone viruses are becoming more common. Last year the University of Cambridge discovered that 87% of Android phones are exposed to at least one critical vulnerability.
While there have been cases of WhatsApp “hacking” in the news, these tend to be related to apps that masquerade as the popular messaging service. These include WhatsApp Gold, which was pitched as a “premium” version of WhatsApp, but it was nothing more than a malicious third party app designed to steal your data. Another virus, Agent Smith, replaces the WhatsApp app on your phone with a malicious version, but again, this isn't an infected file distributed through WhatsApp itself. Nefarious third party apps like these tend not to be available through official channels, and are easily caught with anti-virus software.
In May of last year, it was revealed that a bug in the app made it possible to access a user's phone for surveillance, utilising the audio call feature. This would occur whether or not the user had answered the original call. The company issued a patch shortly afterwards that fixed the issue.
Once a virus has hold of your device, the result can be devastating. While few of us are of interest enough to make the front page of a national newspaper with any data gleaned from our phone, a virus could very well be used to install ransomware. This type of virus threatens to delete data or render the phone useless, unless a payment is made. It could also be used to extract personal or financial data, or use your device to infect further phones, including your friends and family.
Bezos, WhatsApp and the Saudi Prince Explained
Reports of this extraordinary alleged hack first circulated in January 2020. While online scams are nothing new, this case differed from the rest, given the high profile cast list. The incident involved Amazon boss Jeff Bezos (the world's richest man), and a Saudi Crown Prince (also reasonably well-off). It appeared that there was credible evidence that a hack on Bezos' phone originated from a message sent to him by Saudi Prince Mohammed Bin Salman in May of 2018. Sensitive data was extracted from Bezos' phone, and it's even suspected this could have led to personal revelations that ultimately caused Bezos to undergo a rather costly divorce.
According to the report, Mohammed Bin Salman sent Bezos a video file via the messaging app on the 1 May 2018. This secretly infected his device and left it exposed. During this time, the sensitive data was taken. Security experts are apparently confident enough that this message was the source of the hack – so much so that investigators are apparently looking to raise the issue with Saudi Arabian officials directly.
Among that data, it's alleged, were private messages about an affair Bezos was having. This information was later published by The National Enquirer. While the company that owns the paper, American Media Inc, maintains that it came to this information through legitimate means, forensic experts investigating the leak have shown serious concerns about the personal data exposed, and the potential use of it against Bezos.
It's interesting to note that last year, Bezos's own head of security wrote in the Daily Beast about his theory that Saudi Arabia was behind the hack. The article noted the Saudi Prince's friendship with David Pecker, the CEO of AMI.
Saudi officials insist that the allegations are baseless, although the accusations are bound to put more strain on the relationship between the US and Saudi Arabia, following on from the killing of journalist Jamal Khashoggi in 2018.
“Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos' phone are absurd. We call for an investigation on these claims so that we can have all the facts out.” Saudi Embassy tweet
Saudi Arabia is under increasing scrutiny for its alleged digital espionage efforts. Only last month, we reported that the US government charged two former Twitter employees for spying for the Saudi Arabia government.
How Can I Avoid a WhatsApp Virus?
The Saudi-Bezos connection shows that it certainly is possible to deliver a virus over WhatsApp. But, these were pretty extraordinary circumstances, involving a high-profile target and an alleged state-level attack. So, enough about Bezos and his royal connections. What about you and the security of your phone?
While instances of WhatsApp viruses are rare, there's still a few steps you can take to make sure you're less likely to fall victim to such bugs:
- Check apps are legitimate – Like WhatsApp Gold showed, its easy for hackers to gain access to your phone when they masquerade as a legitimate app. Only download apps from the official store for your device, and check that the company on the store page looks authentic. Check the reviews too.
- Don't open suspicious files – Don't let your curiosity get the better of you if you think a file seems a bit odd. This is especially true if you receive it from someone you don't know.
- Install mobile anti-virus software – A good anti-virus app can nip viruses in the bud, should one slip through.
- Consider an iPhone – A bit of a drastic step for Android loyalists, perhaps, but Apple's devices are much less susceptible to viruses thanks to the closed nature of their operating system.
- Keep WhatsApp up to date – Software patches are constantly being released to stay ahead of potential viruses. Make sure your software is up to date.
If you use WhatsApp for business there are also a few alternatives available.
Protect Your Phone
Security awareness around mobile phones has been a little slower to catch on than the traditional computer, but in reality, in 2020, there's little difference between the two devices. Scammers are always playing a numbers game, and will go where they have the highest chance of suckering a victim. With smartphone use consistently on the rise, and 81% of Americans owning one, it makes absolute sense that they would be a target.
Thankfully, an anti-virus mobile package can offer you peace of mind, and it won't break the bank either. At Tech.co we recommend ensuring that your smartphone, which currently holds access to your email, bank apps, personal photos and documents, should be as tightly protected as your computer, or even your home. Just like you won't leave your house door wide open, don't leave your smartphone exposed.
Using Mobile Anti-Virus Software
Just like you wouldn't risk going online without some sort of anti-virus software on your PC, you'd be remiss to do the same on your mobile device. Chances are, that you actually use your phone more for browsing than a traditional laptop or computer, and a report estimates that by 2025, 72% of us will be accessing the web using only our mobile devices.
So, what features can you expect from dedicated mobile anti-virus software? For one, just like traditional packages, they can spot and isolate potential viruses when browsing, blocking potential nefarious programs from hijacking your device. They can also flag potentially dangerous links, block adverts, scan apps before installing them, and actively hide your personal data when browsing online. It will also reduce the risk of getting a virus from attachments in messaging apps or emails.
Some go further, adding protections in the real world, too. Norton Mobile Security for example, offers all the usual features you'd expect, but can also automatically lockdown and safeguard your phone, should someone remove the sim card. It can also wipe all your data remotely, should your phone be stolen.
Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews. Click to return to top of page