iPhone Flaw Exploited by Second Israeli Spy Firm (reuters.com)
A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, Reuters reported Thursday, citing five people familiar with the matter. From the report: QuaDream, the sources said, is a smaller and lower profile Israeli firm that also develops smartphone hacking tools intended for government clients. The two rival businesses gained the same ability last year to remotely break into iPhones, according to the five sources, meaning that both firms could compromise Apple phones without an owner needing to open a malicious link. That two firms employed the same sophisticated hacking technique -- known as a "zero-click" -- shows that phones are more vulnerable to powerful digital spying tools than the industry will admit, one expert said. "People want to believe they're secure, and phone companies want you to believe they're secure. What we've learned is, they're not," said Dave Aitel, a partner at Cordyceps Systems, a cybersecurity firm. Experts analyzing intrusions engineered by NSO Group and QuaDream since last year believe the two companies used very similar software exploits, known as ForcedEntry, to hijack iPhones.
Less code = fewer points-of-failure (Score:3)
I wonder if all these lazy security flaws will lead to smaller and simpler codebases? Probably not, but a man can dream.
Windows 2000 is probably more secure than 11 simply because there are so few things that can go wrong.
Re: (Score:2)
It explains a number of phenomena such as why people are working longer hours even in the face of increased automation. It's relevant in this case, too, because in the case of a spy agency, you're not going to cut your spies loose at lunchtime, but you're going to increase their workload thus increase their spying.
Re: (Score:2)
W2K was cleaner, simpler, etc. It was the best Windows version of all time!
Re: And iPhones costs a kidney... (Score:2)
TFA speaks about phones in a broad sense, but these guys aren't actually breaking into Android phones, they're just breaking into iPhones. They break into some older Android phones, but not any recent ones, except maybe some cheapo third world brands that sell for $30 brand new.
Re: And iPhones costs a kidney... (Score:2)
Or, they are biased in their hacking and/or reporting.
But, it lends fuel to the fire why allowing side-loading apps is a bad thing.
Perfect or nothing (Score:2, Insightful)
Re: (Score:2)
Meh. Before Apple bought them out, the jailbreaking community was finding a constant stream of security vulnerabilities.
Apple didn't fix them, they just made them harder to find.
Re: (Score:2)
iPhone jailbreaks are all done through finding security flaws.
Use vs. Abuse (Score:1)
The same hammer can be used to punch nails building a house, or abused to smash nails (and fingers), when torturing someone [cnn.com].
To use the term "abused" is to betray a POV.
The linked-to article does not provide examples of use by the company that could be identified as abuse. In fact, it cites no examples of such use at all, which means they consider any use to be abusive.
What would these same people have thought of Alan Turing's (ab)using his Mathematical (and
Re: (Score:3)
If it's an unpatched vulnerability, it's by definition being abused, since it's used in a not intended way.
Whatever they're actually using it for is in that respect fairly irrelevant.
Re: (Score:2)
I don't think that's in the definition [princeton.edu], but you do.
Which also makes Alan Turing into an abuser, in your opinion. And so was this guy [slashdot.org] and others like him.
Does encrypting all my data help? (Score:1)
If my phone's data is encrypted, can these attacks somehow get through that?
Do they allow recovery of the key?
I don't mean while I have the phone. If I ever enter my passphrase while it's owned, it's no longer encrypted.
But if it's stolen, is the data still safe?
Re: "For Government Clients" (Score:3)
Why is it legal for them to do it but not us?
They have bigger guns than we do.
Re: "For Government Clients" (Score:2)
Why is it legal for them to do it but not us?
Depends on the country. In a general sense, because the law allows the government to perform certain hostile activities in particular situations. It's not any different than asking "why is it legal for the police to lock a person inside a cage, but not us?"
iPhones Secure? (Score:3)
Anyone that understands even the slightest bit about how the world works should know that these things are only as secure as the laws that protect data being subpoenaed.
As a regular user, the only thing I want my phone secured from is the random traffic cop, wife, lover, child, or misplaced phone. There are many ways to otherwise track a person outside of having their iPhone in your hand.
As a business user, iPhones are not on the list of "secured devices."
If a nation state wants to track you, they have many options. Your iPhone is only one of their options.
--
If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking... is freedom. - Dwight D. Eisenhower
Relax, it's cool (Score:2)