Profile picture
, 7 tweets, 2 min read
My Authors
Read all threads
The story about Saudis hacking Jeff Bezos iPhone didn't find evidence, but unknowns, such as a suspicious encrypted video they couldn't decrypt.

So I wrote a blogpost with a detailed explanation how to decrypt it:
blog.erratasec.com/2020/01/how-to…
Steps:
1. backup the iPhone to desktop
2. grab the file 7c7fba66680ef796b916b067077cc246adacf01d (aka. ChatStorage.sqlite) from that backup
3. use sqlite, in the table ZWAMDIAITEM, grab ZMEDIAURL and ZMEDIAKEY
4. use those values to download the encrypted file and decrypt.
The FTI investigators found the encrypted version of the video suspicious because it was a few bytes longer than the unencrypted video.

That's just normal checksumming and padding, as you see in the code that decrypts the file.
The entire story hinges on this encrypted file containing exploits and/or malware. Once decrypted, this can either be confirmed or ruled out. It's almost certainly going to be ruled out, because the contents will just match the unencrypted video they already have.
Once ruled out, the entire story collapse, as there's no longer any tie to the Saudis. In other words, even if the phone were hacked, there wouldn't be any proof linking that hack to the Saudis.

As my other tweets discuss from a few days ago, there's not even evidence of a hack.
I wrote the code a few days ago but couldn't get it to work until @dinodaizovi showed me the problem, I was using the wrong string to salt the key expansion function, which changes depending on MP4 Video or JPEG Image.
@dinodaizovi In any case, YOU CAN DO THIS AT HOME. You can easily follow the steps to decrypt the WhatsApp videos on your own iPhone. You don't need fancy tools available only to law enforcement, but common, free tools, like iTunes to generate the backup.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Rob ☃️ Graham (not at Shmoocon this year)

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
The fictional narrative of a "winner" has become even more fictional than normal.
I mention this because of the nonsense of elections cybersecurity, where it's possibly not even among the top 10 issues that impact elections. Yes, it's important to get right, but it's like writing down measurements to 4 decimals places using a hand-held ruler accurate to only 1
To start with, "primaries" aren't even "elections". They are part, only a part, of the system each party uses to choose candidates for the actual election.
Read 14 tweets
Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
Expiring on a specific date is dumb. What's the best alternative? Logging to a file somewhere? Warning messages to user? I like this idea: increasing delays.
So just use 20 year expiration? I'm not sure this is a good idea because (a) why have them expire at all then? and (b) that just means in 20 years the failure will be really catastrophic as there's nobody around who remembers what the thing does
So, why is expiring HTTPS worse than HTTP? The answer is that an HTTP site doesn't want encryption, but an HTTPS site does. Thus, if HTTPS fails for whatever reason, backing off to HTTP would be bad.
Read 7 tweets
Profile picture
Rob ☃️ Graham (not at Shmoocon this year)
@ErrataRob
The following people involved have great reputations, so every reason to believe them, but seriously, unless we get more technical details, we have to consider such stories to be bunk.
The app is no longer used and there's no risk from disclosing all the gory technical details. Moreover, if the app was still being used, that means it's even more necessary to disclose the gory technical details.
A good discussion of why the technical details matter:
Read 3 tweets

Related threads

Profile picture
Clint Watts
@selectedwisdom
Hacking of Bezos timeline = scary. In 2016, Russia hacked campaign to influence US Presidential election, in 2020, we allegedly have Saudi (MBS) hacking major US corporate leader For negative influence campaign ohchr.org/Documents/Issu…
MBS meets Trump at White House March 20, 2018. According Bezos timeline, Bezos gets invite to dinner with MBS - March 21,2018. April 4, 2018 Bezos & MBS connect on WhatsApp
While we wallow in an impeachment hearing about foreign influence in An election, someone might want to ask the White House if they had any discussions about Bezos with MBS
Read 9 tweets
Profile picture
Housatonic™ 🇺🇸
@HousatonicITS
Year 1900: Lt. Cmd. William K Gise (uncle of Lawrence Preston Gise, who was grandad of Jeff #Bezos) was the captain of the USS #Sylph . He was so deeply associated w/ the Presidential Yacht that he reported his full-time residence as being on the USS Sylph for the 1900 US Census.
On the 3rd line - Is that a "Flynn" ? @btaylor_71 @MeemsKaso @mobster21
@btaylor_71 @MeemsKaso @mobster21 Yes it is - So William K #Gise is captain, and #3 on the boat of John F #Flynn

Wow

"Gise and and Flynn - The Sylph administration - Mc K I N L E Y"

(link - findmypast.com/transcript?id=… )
Read 3 tweets
Profile picture
Housatonic™ 🇺🇸
@HousatonicITS
I am now downloading and reading the handwritten notes of Lieutenant Commander Lawrence Preston Gise (Jeff #Bezos grandad) of the USS #Neunzer from 1943

Must organize all file names, sort, keep source URLs, etc

All notes in cursive, not easy to read

All good things take time
[2] In the US Navy 1943 to 1946 - Lieutenant Commander Lawrence P Gise only shows up on two Muster Rolls ?

One in 1943 and one in 1944 ?
[3] @MeemsKaso Here we go, part 1 of 3 - War Diary of USS Neunzer for Oct 1943 (handwritten)

File name : 1943-11-01-uss-neunzer-de-150-war-diary-for-oct.pdf
Download link : drive.google.com/open?id=1sktSM…
Read 6 tweets
Profile picture
Housatonic™ 🇺🇸
@HousatonicITS
[1] The German submarine U-505 was the very first foreign navy vessel captured by the United States in WW2. It was June of 1944. It was the first vessel the US captured in nearly 100 years (last was 1840s).

[2] The U-505 is currently on display in Chicago

It was a very difficult capture - the captain left the boat in a a condition to sink to protect the German tech, but the US navy saved her
[3] The Germans did not believe their Enigma codes were compromised during the rest of WW2 because the capture of U-505 was kept a secret

But U-505 was critical to knowing how to break the German codes
awesomestories.com/asset/view/THE…
Read 7 tweets
Profile picture
Beth⭐️
@PersuasivePR
Israeli spyware Pegasus, purchased by Saudi for $55M last year, "allows customers to secretly listen to calls, record keystrokes, read messages & track internet history on targeted phone; use phone’s microphone camera as surveillance devices." #Bezos

nyti.ms/2zF5KrF
"Because of those sweepingly invasive capabilities, Israel classifies the spyware as a weapon. The company must obtain approval from the Defense Ministry for its sale to foreign governments. Saudi Arabia paid $55 million last year for its use, according to Israeli news reports."
Who hated Khashoggi, threatening to "use a bullet" on him? Saudi prince MBS

Where did Khashoggi work? The Washington Post.

Who owns The Washington Post? Jeff #Bezos

Whose cell phone was hacked, leading to blackmail attempt by Trump toadie David Pecker & AMI? Jeff Bezos
Read 14 tweets
Profile picture
Housatonic™ 🇺🇸
@HousatonicITS
In 1995, Jeff Bezos’ parents took a $250,000 gamble on his fledgling startup

One IPO and 3 splits later, his parents’ stake could be worth almost $30 billion today. That would make them wealthier than Microsoft Corp. co-founder Paul Allen

bloomberg.com/news/articles/… via @technology
[2] I am NOT saying #Bezos committed insider trading

But I AM saying that grandfather LP #Gise was a director at the AEC (Atomic Energy Commission) and key person to approve and fund ARPA , from which #ARPAnet evolved , and now #Amazon is the largest cloud provider on Earth
[3] Dont believe me? Search this for "Gise" (or LP Gise).
apps.dtic.mil/dtic/tr/fullte…
Read 41 tweets

Trending hashtags

#apple #Maddow #francophone #NewYorkValues #Video #Bronfman #Flynn #ARPA #scipol #Bezos #climatechange #gop #tngop #journalists #OnceUponATime #Trial #story #ChiefScienceAdvisor #DOWChemical #Ukraine #selfassessment #RockyFlatsPlant #RobertMueller #CorinthianYachtClub #MuellerReport
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!