jyrkesh | 2 years ago

I factually agree with what you're saying, but I don't think it really changes the practical outcome of the situation: a private organization is available for-hire to arbitrarily root and snoop on fully patched iOS devices at state-level actor scale. If they get the exploits from in-house or elsewhere, the outcome is basically the same.

Whether there's "Pegasus" attribution or not, the reality of the contemporary internet is: if you're targeted hard enough, you're probably screwed. (...but you're probably not actually targeted that hard, so practice good practices)

That being said, I agree with others that it's probably a good technical, PR, and long-term "marketability to regimes" approach for Apple to just double down and spend millions instead of thousands on competing with the black market to buy 0-days.

KRAKRISMOTT | 2 years ago

> a private organization is available for-hire to arbitrarily root and snoop on fully patched iOS devices at state-level actor scale. If they get the exploits from in-house or elsewhere, the outcome is basically the same.

This is a distinction without a difference. The major Great Powers are all cyber powers. The only difference is that NSO services the non-Great Powers too, with the implicit backing of the Israeli state apparatus. The media has created NSO a cyber power broker for the powers that be, but all of the UN Security Council permanent members have their own defence contractors and cybersecurity staff. Talented engineers are everywhere.