Pegasus is an Israeli product, are they selling it to Russia?
Why not? Do you think US donations come with conditions?
Yeah either something else is involved here or Israel is indeed selling Pegasus to literally any government that requests it. Let's not forget that NSO group is state funded so those deals clearly do have the approval from the Israeli government.
Nothing to worry folks, here's what NSO said when it was used to target Khashoggi's inner circle as he was murdered and dismembered in the Saudi consulate:
NSO denies any wrongdoing. It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records
One of the key reasons for Israel's reluctance to help Ukraine win the war militarily is simple: It still works closely with Russia.
Russia is important for Israel's military operations in neighboring Syria, where Israel has been carrying out airstrikes against Iran-backed militias, mainly those of Hezbollah.
Now inform everyone else that other countries are targeting with pegasus
*edit: spelling
They do, and they’ve shared the counter measure (lockdown mode) with the world.
If a nation state will individually target someone, they don’t need to doom scroll on insta (nor do they need to). Locking down the phone to the bare minimum for these kind of people is the appropriate level of response.
As much as I want to believe this is effective, all it looks to do is turn your phone into... a phone.
If they can get cell records, they can track you.
SMS isn't end-to-end encrypted, once it leaves your phone to the network it's fair game. Given that Russia controls Russian Telecom, you can be fairly certain that a phone call and an SMS are monitored.
At that point, you're left with the old school one-time pad. And I can bet on Russia being Russia, so if they see a one-time pad in use, they're just going to pick you up and beat you ~~to death~~ until you talk.
Which is why these people don't use sms or standard calling. They use something like Signal.
Signal is great but if the phone itself is compromised it won't help much.
How is this a solution? 🤔 and whats the "solution" for android?
I don’t know Android. Sorry. Doesn’t locking down to very very limited hardened features goes against everything Android is (highly flexible customizable for power users who’d want to do that kind of stuff)?
At this rate an iPhone will just be Pegasus all the way down. 76 nation states and their rogue black ops will battle for pegasupremacy.
He who hacks harder wins.
(The above is not based on any fact)
But, seriously... 3 (known) years later and Apple doesn't have a fix for this?
Almost as if it's intentionally unpatched
Edit: fanboys are a tough crowd. Gheezus.
It's not like Pegasus is exploiting a single bug in iOS, there are probably hundreds of different ways Pegasus got onto phones over the years. Known security bugs get patched.
Pegasus isn't a single piece of software, it's a big toolkit, constantly updated. It's a race similar to ads vs. ad blockers.
It's not a problem exclusive to iOS either. Pegasus works on Android phones as well.
Code has been analyzed from several versions of it.
Edit: the code and analysis report available here:
(Edit: it amazes me how much people will defend/rationalize the most valuable corporation ever known to put more effort into the camera being placed 2mm to the left than an exploit that gets people killed.)
That Apple (especially) can't mitigate against it is pretty damning.
Regardless what Pegasus is made of, it exploits vulnerabilities. Use a rock, a bat, or hard boiled egg and you can break a cheap window. It's the window that is insecure. Not the methods used.
A trillion dollar company ought to be able to put up a bit more than plexiglass.
And the mega corps ought to be working together on this. Imagine if it got out into the wild.
Remember spectre?
https://en.m.wikipedia.org/wiki/Spectre_(security_vulnerability)
I am not a lawyer.
hardware based speculation is hard to patch compared to most exploits that are just bad programming mistakes due to two factors. one being its hardware and its hard to patch out hardware and 2. fixing it would lead to severe drop in performance. A name of a very recent one would be Retbleed.
Yet, if you check your dmesg you'll find innumerable methods of mitigation against such exploits.
A software patch for hardware issue.
Personally, I'd rather the drop in performance than the Kashoggi treatment.
hence a preference thing, because In real life, when users see a huge performance drop, they complain (e.g Apple throttling old iphones due to aging battery without telling users). It's why it's one of the hardest fixes to do. Sometimes patches for speculation doesn't hurt the end user much (e.g Zenbleed does not affect consumer loads like gaming) then you have situations like Intel's Downfall, which has sizable AVX2/AVX512 performance penalties.
It was absolutely not just for aging battery. It was also planned obsolescence.
because In real life, when users see a huge performance drop, they complain
Yeah, true, and the dead people don't get to complain, so just prioritize performance because the dead aren't complaining.
/s obviously. I don't give a fuck how much performance you gain/lose by running an exposed system. Increasing road speed limits would help people get to work faster. But more of them would be dead. Road safety comes first, convenience and speed comes second.
I could understand people having a slightly different priority list 30 years ago when performance was shit and computers were obscure. But in this day and age, we're making increases in performance 99.9% of the populace won't notice and computers literally run our lives. The priority is security.
then you have situations like Intel's Downfall, which has sizable AVX2/AVX512 performance penalties.
Yeah, exactly. Most people don't utilize AVX all that much. And those that do likely have newer machines that are unnaffected. And Intel is patching it.
The point is, anything there is code speculation, virtually every single time they invent a new way to speed up performance, a new method of attack gets found. It doesnt matter if its Arm, it doesnt matter if its Apple, jt doesnt matter if its Intel, doesnt matter if its AMD, everyone has exploits as long as code speculation is a thing. If security is a severe issue, would the solution not be finding or using phones without code speculation period as as long as long as it exists, historyically speaking, its only a matter of time till an exploit exists for it.
Theres literally a functioning business model of "find zero-day exploits for software X and sell that info to the highest bidder". There is actively many huge bounties for currently working exploits that you, random dude on the internet, can get if you can show that an unknown bug can be used to gain access to some software. Pegasus is one of the groups buying the exploits and then using it.
It is a perpetual cat and mouse game. Every time that Apple is made aware of an exploit they patch it asap, but that doesn't mean they've fixed every exploit. You can't fix a bug unless you know it's there.
Really? An entire economy based on hacking, exploits, and exfiltration? (Edit: I guess I need this: /s, because, /whoosh)
Again. A 2 TRILLION DOLLAR COMPANY, should be able to find the resources to not only find these exploits, but be able to more vigorously check their own code on their own platform on their own hardware in their own labs.
Doubly since it affects a broad range of hardware/software/firmware, and since these exploits essentially own everything, and it is targeted at high value targets including members of state, journos, advocates and dissenters, it would seem necessary to develop better security in tandem with the other half of the monopoly and OEM'S and national security agencies.
It isn't just a bug that erases your favorite cat pics. Worst case, these exploits can erase your life if you end up saying/knowing/thinking something someone doesn't like.
I find it difficult to believe after 3 years, multiple os updates, code changes, hardware/chip redesign, the same exploit(s) have remained so thoroughly effective, and the best a company can do is "lockdown"
You're already owned by then.
Ye, it's a real thing. A quick google search for the term "companies that buy software exploits" lead me to the following real companies that will buy exploits you find; zerodium, offensive cyber, and vupen. In fact, zerodium currently has a $400,000 bounty for an exploit for microsoft outlook. It's very useful for say something like a government to know about these hacks in case say they want to hack someone. For example stuxnet was written by the US to fuck with Iranian centrifuges.
Pegasus isn't just a single exploit. It uses many and every patch to an OS doesn't fix every single exploit so there's always another way Pegasus can break into the system. Also, do you think that with every update to iOS the developers are rewriting their entire code base? I've written lots of updates for my software and I almost never scrap the entire thing when I need to do rewrites.
Again, Apple, a 2 TRILLION dollar company, can only fix exploits they know exist.
Yeah, the argument that there's money in this business only furthers the point here - there's money in it because it's valuable to abuse systems. Therefore the people running those systems should be the ones fucking funding it. And then using that agreement to keep the exploit details behind closed doors until they are able to fix it.
It's almost like this should be an entire internal department. Maybe it could be named after the idea of keeping things secure?
If the company making massive profits off the sales of these devices isn't going to fund it, who is? It's fucking insane to me that Google basically funds the security of iOS for Apple, who's their direct competition in that market. We probably wouldn't even know this exists if it wasn't for stuff like that.
But, seriously... 3 (known) years later and Apple doesn't have a fix for this?
Almost as if it's intentionally unpatched
Pegasus constantly adapts, evolves, and changes overtime with how it works. Pegasus 3 years ago isn't the same as Pegasus today. Once a vulnerability is discovered and fixed, they find a new one to exploit and take advantage of. Its a constant battle.
I'm not a big fan of Apple at all, but credit where its due, they have made a pretty good effort to patch Pegasus vulnerabilities whenever they come about, plus have added features like Lockdown Mode to help protect against it even further, etc. This article is literally about Apple even warning journalists to be cautious of it.
Saying Apple is intentionally allowing Pegasus to happen, like you're claiming, is honestly laughable with all things considered.
they have made a pretty good effort to patch Pegasus vulnerabilities whenever they come about,
I mean, they kind of have to? What's the alternative, they leave it? Why are we applauding them for basically the bare minimum here?
Apple's investment in discovering these problems seems pretty poor. There are multiple instances of Google finding exploits for them and then Apple downplays and complains about Google being too alarmist.
Sure, they fix things. But they fucking better, or there's a very different problem. But their proactive investments in trying to discover them ahead of time seems pathetic.
I think you missed my point, I'm not applauding Apple for doing the bare minimum, and to be clear, I think you absolutely raise fair points, I'm just pointing out that its ridiculous to claim that Apple intentionally allows Pegasus to happen, which is absurd based off the fact they make efforts to patch its vulnerabilities whenever they pop up, add features like Lockdown Mode, and even warn people who could be impacted. Could they do better to be proactive against exploits? Sure, definitely seems like they have room for improvement, but that's not the same thing as what the person I replied to had implied by acting like Apple intentionally allowed Pegasus to work and was complicit with it.
Make it preinstalled and put the hackers out of job. Taps forehead
What are the comments in here.. Lol. Anyone able to give a level-headed take on this article/topic? Cheers
Obviously we need multiple adversarial LLMs battling this out. Humans are not solving this problem.
Is that their explanation for their radioactive phones? ☢️📱
“Radioactive” implies ionizing radiation. The article you linked refers to electromagnetic radiation. Why are you spreading misinformation?
Ignorance and stupidity.
Google electromagnetic radiation
Holy hell!
Actual wi-fi
A community for discussing events around the World
Rule 1: posts have the following requirements:
Rule 2: Do not copy the entire article into your post. The key points in 1-2 paragraphs is allowed (even encouraged!), but large segments of articles posted in the body will result in the post being removed. If you have to stop and think "Is this fair use?", it probably isn't. Archive links, especially the ones created on link submission, are absolutely allowed but those that avoid paywalls are not.
Rule 3: Opinions articles, or Articles based on misinformation/propaganda may be removed. Sources that have a Low or Very Low factual reporting rating or MBFC Credibility Rating may be removed.
Rule 4: Posts or comments that are homophobic, transphobic, racist, sexist, anti-religious, or ableist will be removed. “Ironic” prejudice is just prejudiced.
Posts and comments must abide by the lemmy.world terms of service UPDATED AS OF 10/19
Rule 5: Keep it civil. It's OK to say the subject of an article is behaving like a (pejorative, pejorative). It's NOT OK to say another USER is (pejorative). Strong language is fine, just not directed at other members. Engage in good-faith and with respect! This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.
Rule 6: Memes, spam, other low effort posting, reposts, misinformation, advocating violence, off-topic, trolling, offensive, regarding the moderators or meta in content may be removed at any time.
Rule 7: We didn't USED to need a rule about how many posts one could make in a day, then someone posted NINETEEN articles in a single day. Not comments, FULL ARTICLES. If you're posting more than say, 10 or so, consider going outside and touching grass. We reserve the right to limit over-posting so a single user does not dominate the front page.
We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.
All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.
News !news@lemmy.world
Politics !politics@lemmy.world
World Politics !globalpolitics@lemmy.world
For Firefox users, there is media bias / propaganda / fact check plugin.
https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/
