The vulnerability allegedly leaked his location, making him a target for hitme
The older brother of dead Colombian cocaine warlord Pablo Escobar is suing Apple for a whopping $2.6bn over a security vulnerability that allegedly allowed miscreants to access his location via his iPhone X handset.
The bizarre lawsuit [PDF] filed at the San Mateo Superior Court in Silicon Valley this week claims that a known bug, which allowed attackers to snoop on another person’s microphone using FaceTime, exposed Roberto Escobar’s home address and whereabouts.
After he purchased an iPhone X through a reseller in Colombia in April 2018, he was reportedly bombarded with random FaceTime calls. Escobar didn’t think too much about it until he reportedly received a death threat months later in January 2019. The letter, written by someone called Diego, claimed he had discovered Escobar’s home address by exploiting the aforementioned FaceTime vulnerability.
Although the bug is only known to affect a user’s microphone, Escobar claimed that it also leaks location data too. “[Escobar] has hired a technical specialist that made that determination, and he will present the proofs to the court if needed,” a spokesperson told The Register. “He is 100 per cent certain that it was due to FaceTime.
As the “former accountant” of the Medellín Cartel he co-founded with his late brother, Escobar has survived multiple assassination attempts. The lawsuit alleges that his life was endangered by Apple, which sold him a smartphone that was vulnerable to security breaches. The reseller told Escobar that the iPhone X was the most “secure phone on the market” at the time.
What’s more, Escobar said he even directly called Apple support staff, who confirmed that the iPhone X was indeed the most secure phone on the planet before making the purchase. The report also claimed that he paid for additional security features to ensure his phone was not susceptible to attacks. The reseller apparently assured him that the “iPhone simply cannot be exploited and will never be vulnerable to future exploits”.
The lawsuit did not reveal what those security features were exactly. A spokesperson told us that “this is private and between Apple and Mr Escobar” and that he splashed out over $100,000 to beef up the security on his new smartphone. The investment clearly wasn’t worth it, however.
“Apple breached the agreement,” according to the filing. “Apple failed to provide a phone free of exploits, and as a result, criminals were able to use FaceTime to determine the Plaintiff’s secure residential address and other personal information.” And for that Apple supposedly deserves to pay a total of $2.6bn in damages.
Here’s how Escobar did the maths: The breach of contract itself has cost Escobar $100m to devote extra time and money to protect himself and his family after his location was accessed by miscreants. Apple’s negligent misrepresentation of its product drove him to relocate, so that’s another $500m in damages. Finally, the emotional and physical toll exerted on the former gangland bean counter also has a price of, erm, $2bn.
Apple was not available for comment
Escobar is no stranger to wacky lawsuits. He founded Escobar Inc, a company that has been peddling the Fold 2, a shiny gold flappy smartphone that is, in actual fact, a Samsung Galaxy Fold handset. It sued its former COO for embezzlement and hijacking its YouTube account. ®