Parliamentary petition against 'backdooring' e2e encryption

Apple trying to sue pegasus company NSO
https://www.wsj.com/articles/apple-...ver-spyware-claiming-iphone-hacks-11637694330

Apple employees have spent “thousands of hours” responding to NSO Group’s attacks, Apple said in its filing. NSO Group’s tools were used against U.S. citizens, according to Apple’s complaint. NSO Group “did not breach data contained on Apple’s servers, but did abuse Apple’s services and servers to perpetrate attacks,” Apple’s complaint states.
Click to expand...

If they understand the techniques NSO uses, why don't Apple just put mechanism in place to regularly audit phones, or seal loopholes,
... has nso strategy been adopted by other less scrupulous companies.

https://www.amnesty.org/en/latest/r...ology-report-how-to-catch-nso-groups-pegasus/
These records played critical role in later investigations. In many cases we discovered suspected Pegasus processes executed on devices immediately following suspicious iMessage account lookups.
....
In mid-2021 Amnesty International identified yet another case of a prominent investigative journalist from Azerbaijan (CODE AZJRN1) who was repeatedly targeted using Pegasus zero-click attacks from 2019 until mid-2021
....
Amnesty International is also releasing a tool we have created, called Mobile Verification Toolkit (MVT). MVT is a modular tool that simplifies the process of acquiring and analysing data from Android devices, and the analysis of records from iOS backups and filesystem dumps, specifically to identify potential traces of compromise.
MVT can be provided with indicators of compromise in STIX2 format and will identify any matching indicators found on the device. In conjunction with Pegasus indicators, MVT can help identify if an iPhone have been compromised.
Click to expand...
 
Surely if this comes in and is public knowledge, then criminals will just implement there own encryption apps that dont have said backdoor, yes it would break the law but they are criminals so wont care :D
 
jpaul said:
... has nso strategy been adopted by other less scrupulous companies.
Click to expand...

NSO really don't seem to have been particularly scrupulous to start with...

What's 'interesting' about all the NSO stuff is how it's seemingly not been used by more western countries, like the US and UK, and the seemingly obvious reason for that is they've got their own internal versions of that type of software... Good to know :p

As for the encryption stuff, it's ridiculous, even if we ignore the "won't someone think of the children" wailing instead of any viable arguments it's entirely useless as it's trivial to workaround.
 

Again, backdooring proves academic.​



Apple Warns of Security Flaw for iPhones, iPads and Macs


Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.
NSO Group has been blacklisted by the U.S. Commerce Department. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Click to expand...

I guess their bug bounties include a NDA to never reveal the problem, and, there is obfuscation in the code to avoid others now discovering it.


3 days ago,

Survey: Nearly half of Android users consider switching to iPhone over security and privacy concerns

maybe someone should complain to OFCOM about the validity of the Apple privacy adverts, too late for Mr Khashoggi
 
jpaul said:
Again, backdooring proves academic.
Click to expand...
Not sure this is the same as Governments wanting to explicitly implement "backdoors" into encryption for their (and everyone else's) use, rather it's vulnerabilities, specifically in the kernel and with webkit in this case, that have been exploited by various groups.
At least it's patched though.

jpaul said:
Survey: Nearly half of Android users consider switching to iPhone over security and privacy concerns
Click to expand...
Interesting, although i wonder if those users thinking of making the switch know that iCloud (same as Google or any other non-user encrypted cloud service) isn't particularly secure....
 
Ios isn't open source, so no scrutiny from the industry on the quality of their code ?, as exposed by this breech
... Apple just play the game of nothing to see here, you've got to wonder if todays dicators, business Ifolks wonders whose watching,
shared code base with mac books too, so double exposure, I care more about someone taking out the laptop.

Apple share price seems little changed, more stable than bitcoin.
 
You must log in or register to reply here.
Back
Top Bottom