Allegations that Amazon.com boss and Washington Post owner Jeff Bezos had his phone hacked by Saudi Crown Prince Mohammed bin Salman have put a spotlight on the security of smartphones and the secretive tools used to hack them.
Smartphones are effectively pocket-sized computers that run apps on operating systems such as Apple’s iOS or Google’s Android. Those devices have enabled a new world of connectivity - unlimited free calls over WhatsApp, for example, or an atlas worth of up-to-the-second maps from Google - but also a parade of potential security problems.
Here is how smartphones can be hijacked and a look at the potential consequences and the thriving market in surveillance vendors helping the world’s spies get access to people’s secrets. Smartphones operate through a collection of apps, sometimes scores of them, running over an operating system, which in turn runs on a complex piece of hardware embedded with receptors, lenses and sensors.
Each one carries potential flaws - sometimes called bugs - that can cause a system to crash or behave unexpectedly when sent a rogue command or a malicious file. Even small openings like that can allow hackers to take control of a device. It is akin to illicitly lowering a coat hanger through a tiny seam in the car door to unlock a vehicle.
Many developers work hard to ensure those seams stay sealed, but with millions of lines of code to choose from, it is virtually impossible to guarantee total safety.
“There is no software that is bugless,” said Oded Vanunu, a researcher with Israeli cybersecurity firm Checkpoint who often finds flaws in popular messaging programs.
Once hackers are in, the possibilities are vast - and frightening. Anyone with full control of a smartphone can turn it into a powerful surveillance device, silently tracking users’ locations while quietly copying their emails, instant messages, photos and more. A 2015 technical document from NSO Group - one of the better known spyware vendors - outlines the capability of its Pegasus spyware program to monitor the smallest details of a target’s life, throwing up alerts if a target enters a certain area, for example, or if two targets meet, or if a certain phone number is called.