Comment by ExoticPearTree
4 days ago
Keep your devices always up to date and limit the number of apps you use (lower attack surface).
If paranoid, use a different device to access suspicios apps/sites with nothing on it.
4 days ago
Keep your devices always up to date and limit the number of apps you use (lower attack surface).
If paranoid, use a different device to access suspicios apps/sites with nothing on it.
How do we know it is not rigged with an explosive like the Pagers?
Edit: https://news.ycombinator.com/item?id=45763674
"Cohen (former head of Mossad) insisted that the publicly recognized success against Hezbollah was merely one element of a far wider, systematic deployment of sophisticated devices worldwide, although notably abscent in the Gaza Strip."
His claim there did not necessarily imply rigged explosives, but supply chain attacks either for surveillance or assassination purposes.
And his limiting it to "virtually every potential theater" would suggest that it's mostly present in Lebanon, Syria, Iran, Yemen, most likely Iraq as well.
But let's be honest here, this isn't civilian equipment that's been compromised. It's supply chain attacks where the buyer is manipulated into buying goods that they've tampered with, or re-engineered. They weren't pagers anyone could pick up at Radio Shack. (Everyone who got hit was a target, or a direct relative of a target.)
Or just standing next to someone in the line at the supermarket.
Also, lets be clear and admit that if your notion of "target" is "anyone close to a device I sold years ago", you're not the type of person that cares if the balled up paper made it to the trash can: so long as it left your hand you would be satisfied.
17 replies →
>And his limiting it to "virtually every potential theater" would suggest that it's mostly present in Lebanon, Syria, Iran, Yemen, most likely Iraq as well.
Except we don't know. "virtually every potential theater" is intentionally very vague language that could mean anything.
1 reply →
Take it with you on an international trip or three. Surely those airport scanners will pick it up.
That's actually a great point. Out of the hundreds of pagers that were out in the wild you'd think one of them went through an airport check at some point and got flagged.
4 replies →
You mean the security theater complex?
1 reply →
We know because we're not shooting rockets at them.
Today they are targeting people shooting rockets, tomorrow they will target people commenting on these posts, the day after they will target specific group of people.
So you may be safe today, what happens when they don't like your opinion ?
If only things were that simple and they weren't also helping ICE terrorise civilians.
> limit the number of apps ... lower attack surface ... If paranoid
While true in general, super apps that do too many things and used by billions (WhatsApp, Chrome, TikTok, Instagram, CleanMaster etc) are big enough of an attack surface already.
Defenses (compile-time / runtime memory safety & control flow integrity, media coders/decoders, sandboxes, for example) are getting better & so exploits are getting expensive.
> use a different device to access suspicios apps/sites with nothing on it
While using different devices is good enough, it requires the end user to maintain strict isolation (and sometimes may require appropriate features from the OS). Using burners is an extreme version of this practice.
>super apps that do too many things and used by billions (WhatsApp, Chrome, TikTok, Instagram, CleanMaster etc)
One of these are not like the others...
Burners seem extreme, but old used hardware still seems the best and only way you can sort of prove isolation on your own.
You can't trust software not to be buggy and both, hardware, and software not to be purposely compromised because "think of the children" (that the EFs proved to be BS).
And if you use iPhones and have reason to be really paranoid, consider using lockdown mode.
https://support.apple.com/en-us/105120
Has android been hacked?
I only know pegasus broke iOS.
I find it interesting that Apple has spun Lockdown mode from a 'we are terrible at security' into a feature for marketing.
Now when someone gets hacked Apple can say: "Well they weren't in lockdown mode, its their own fault."
Gosh I wish I was as good at marketing as Apple. They really need to sell their marketing team as a service. If they did that, I'd buy their stock outright.
Every phone is hackable but Pixel with GrapheneOS generally seems the hardest. See e.g. the leaked Cellebrite support matrix:
https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...
iOS generally seems harder than non-GrapheneOS Android, taking a few months for Cellebrite to catch up with. All the other Android phones/variants should make people cry because device security is so bad.
>Has android been hacked?
Yes, see: https://news.ycombinator.com/item?id=46989612
With GrapheneOS you can physically switch off the USB while locked.
two last attacks from paragon for pixel devices uses the modem firmware. these things doesn't help much.
iPhone 17's and later offer the highest level of security in a smartphone: https://security.apple.com/blog/memory-integrity-enforcement...