dudeinhawaii | 17 days ago

So the exploiters have deprecated that version of spyware and moved on I see. This has been the case every other time. The state actors realize that there are too many fingers in the pie (every other nation has caught on), the exploit is leaked and patched. Meanwhile, all actors have moved on to something even better.

Remember when Apple touted the security platform all-up and a short time later we learned that an adversary could SMS you and pwn your phone without so much as a link to be clicked?

KISMET: 2020, FORCEDENTRY: 2021, PWNYOURHOME, FINDMYPWN: 2022, BLASTPASS: 2023

Each time NSO had the next chain ready prior to patch.

I recall working at a lab a decade ago where we were touting a full end-to-end exploit chain on the same day that the target product was announcing full end-to-end encryption -- that we could bypass with a click.

It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.

whitepoplar|17 days ago

How much do you think Lockdown Mode + MIE/eMTE helps? Do you believe state actors work with manufacturers to find/introduce new attack vectors?

walterbell|17 days ago

My iOS devices have been repeatedly breached over the last few years, even with Lockdown mode and restrictive (no iCloud, Siri, FaceTime, AirDrop) MDM policy via Apple Configurator. Since moving to 2025 iPad Pro with MIE/eMTE and Apple (not Broadcom & Qualcomm) radio basebands, it has been relatively peaceful. Until the last couple of weeks, maybe due to leakage of this zero day and PoC as iOS 26.3 was being tested.

8cvor6j844qw_d6|17 days ago

> Do you believe state actors work with manufacturers to find/introduce new attack vectors?

Guaranteed. I find it hard to believe state actors will not attempt this.

Flash paper is king when it comes to secrets I guess.

mmmlinux|17 days ago

Thanks for contributing to our increasing lack of security and anonymity.

avazhi|17 days ago

Meh. It’s up to Apple to write secure software in the first place. Maybe if they spent more time on that instead of fucking over their UI in the name of something different, and less time virtue signalling, their shit would be more secure.

blackoil|17 days ago

Theoretical question. How much more secure would a Linux device be which uses a phone as a dumb Internet provider?

digiown|17 days ago

Linux has few defenses against the compromise of individual programs leading to the whole system being compromised. If you stick to basic tools (command line) that you can fully trust, it might be somewhat resistant to these types of attacks. The kernel might be reasonably secure but in typical setups, any RCE in any program is a complete compromise.

Things like QubesOS can help, but it's quite high-effort to use and isn't compatible with any phone I know of.

fsflover|17 days ago

If you care about security, you should try Qubes OS.

baq|17 days ago

Linux is swiss cheese and your dumb phone is probably full of zero days which will happily mitm you.

fweimer|17 days ago

There is one non-technical countermeasure that Apple seems unwilling to try: Apple could totally de-legitimize the secondary access market if they established a legal process for accessing their phones. If only shady governments require exploits, selling access to exploits could be criminalized.

digiown|17 days ago

We have a word for this: a backdoor. It wouldn't de-legitimize the secondary access market. It would just delegitimize Apple itself to the same level. Apple seems to care about its reputation as the defender of privacy, regardless of how true it is in practice, and providing that mechanism destroys it completely.

9cb14c1ec0|17 days ago

It would not completely de-legitimize it. Maybe a government doesn't want anyone to know they are surveilling a suspect. But it definitely would reduce cash flow at commercial spyware companies, which could put some out of business.

ikmckenz|17 days ago

Your opinion is that Apple should have just handed over Jamal Khashoggi’s information to the Saudi Arabian agents who were trying to kill him, because then Saudi Arabia wouldn’t have been incentivized to hack his phone? I think you’ll find most people’s priorities differ from yours.

saagarjha|17 days ago

As many people in this space have found out recently, there is no real thing as a non-shady government.

vonneumannstan|17 days ago

> It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.

I hate these lines. Like yes NSA or Mossad could easily pwn you if they want. Canelo Alvarez could also easily beat your ass. Is he worth spending time to defend against also?

high_na_euv|17 days ago

Yes, because Apple can do it at scale.

UqWBcuFx6NV4r|17 days ago

You’re missing the point. If they don’t believe that they’re targeted, how are they going to be able to LARP online?

Eridrus|17 days ago

Yes. If vendors do not take this seriously, these capabilities trickle down to less sophisticated adversaries.

varispeed|17 days ago

And if you point out that Apple's approach is security by obscurity with a dollop of PR, you get downvoted by fan bois.

Apple really need to open up so at the very least 3rd parties can verify integrity of the system.

wat10000|17 days ago

They shipped MTE on hundreds of millions of devices. Is that security by obscurity or PR?