top | item 43891790

(no title)

be_erik | 10 months ago

There’s chatter on bsky.

But tl;dr anything said on those phones is assumed to be compromised until proven otherwise by time or a whole lot of very interesting security verifications. So far the evidence that this is a very large leak looks probable based on the evidence presented.

discuss

dang|10 months ago

(this was originally a reply to https://news.ycombinator.com/item?id=43890827 but since it's an on-topic comment, I moved it to the merged thread)

croemer|10 months ago

Why do you say "everything said on those phones" - did you mean "on this app"? If the backend of an app was compromised, that wouldn't mean the phone itself was rooted?

Zak|10 months ago

It is reasonable to assume that the intelligence services of unfriendly countries are actively devoting significant resources to compromising both issued and personal phones of top-level officials in the US government. They would be negligent not to. It's also a good guess that those efforts would be increased after the first time it became public knowledge the officials were likely using those phones for secret official business.

It is also reasonable to guess that such services have access to malware similar to the infamous Pegasus and a nonzero success rate at deploying it. In short, it's careless to assume none of the phones aren't rooted by a hostile actor.

That's one of several reasons the government has rules requiring that classified conversations take place on specific approved devices which aren't used for anything else.

be_erik|10 months ago

By installing MDM you’re effectively chaining your security to the security of the MDM. The MDM gives you the ability to install arbitrary code via a blessed backdoor. There’s no reason currently not to suspect that anything said on that phone (signal or not) is compromised.