559

Apple informs journalists Russia is targeting them with Pegasus spyware(www.businessinsider.nl)

posted
by
Avatar
MicroWave@lemmy.world
in
Avatar
world@lemmy.world
55 comments
hidereport

  • Russia appears to be targeting journalists with spyware known as Pegasus.

  • Pegasus is a “zero-click” software, hacking phones by sending texts that don’t need to be opened.

  • The software has targeted dozens of journalists, activists, and politicians in recent years.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
narc0tic_bird@lemm.ee
71 points

It’s not like Pegasus is exploiting a single bug in iOS, there are probably hundreds of different ways Pegasus got onto phones over the years. Known security bugs get patched.

Pegasus isn’t a single piece of software, it’s a big toolkit, constantly updated. It’s a race similar to ads vs. ad blockers.

It’s not a problem exclusive to iOS either. Pegasus works on Android phones as well.

permalink
report
parent
reply
Avatar
masterofn001@lemmy.ca
-6 points
*

Code has been analyzed from several versions of it.

Edit: the code and analysis report available here:

https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

(Edit: it amazes me how much people will defend/rationalize the most valuable corporation ever known to put more effort into the camera being placed 2mm to the left than an exploit that gets people killed.)

That Apple (especially) can’t mitigate against it is pretty damning.

Regardless what Pegasus is made of, it exploits vulnerabilities. Use a rock, a bat, or hard boiled egg and you can break a cheap window. It’s the window that is insecure. Not the methods used.

A trillion dollar company ought to be able to put up a bit more than plexiglass.

And the mega corps ought to be working together on this. Imagine if it got out into the wild.

Remember spectre?

https://en.m.wikipedia.org/wiki/Spectre_(security_vulnerability)

I am not a lawyer.

permalink
report
parent
reply
Avatar
clutch@lemmy.ml
1 point

Apple can’t or Apple won’t?

permalink
report
parent
reply
Avatar
drcobaltjedi@programming.dev
5 points

Theres literally a functioning business model of “find zero-day exploits for software X and sell that info to the highest bidder”. There is actively many huge bounties for currently working exploits that you, random dude on the internet, can get if you can show that an unknown bug can be used to gain access to some software. Pegasus is one of the groups buying the exploits and then using it.

It is a perpetual cat and mouse game. Every time that Apple is made aware of an exploit they patch it asap, but that doesn’t mean they’ve fixed every exploit. You can’t fix a bug unless you know it’s there.

permalink
report
parent
reply
Avatar
masterofn001@lemmy.ca
-1 points
*

Really? An entire economy based on hacking, exploits, and exfiltration? (Edit: I guess I need this: /s, because, /whoosh)

Again. A 2 TRILLION DOLLAR COMPANY, should be able to find the resources to not only find these exploits, but be able to more vigorously check their own code on their own platform on their own hardware in their own labs.

Doubly since it affects a broad range of hardware/software/firmware, and since these exploits essentially own everything, and it is targeted at high value targets including members of state, journos, advocates and dissenters, it would seem necessary to develop better security in tandem with the other half of the monopoly and OEM’S and national security agencies.

It isn’t just a bug that erases your favorite cat pics. Worst case, these exploits can erase your life if you end up saying/knowing/thinking something someone doesn’t like.

I find it difficult to believe after 3 years, multiple os updates, code changes, hardware/chip redesign, the same exploit(s) have remained so thoroughly effective, and the best a company can do is “lockdown”

You’re already owned by then.

permalink
report
parent
reply
Show more comments
Avatar
Dudewitbow@lemmy.ml
24 points

hardware based speculation is hard to patch compared to most exploits that are just bad programming mistakes due to two factors. one being its hardware and its hard to patch out hardware and 2. fixing it would lead to severe drop in performance. A name of a very recent one would be Retbleed.

permalink
report
parent
reply
Avatar
masterofn001@lemmy.ca
1 point

Yet, if you check your dmesg you’ll find innumerable methods of mitigation against such exploits.

A software patch for hardware issue.

Personally, I’d rather the drop in performance than the Kashoggi treatment.

permalink
report
parent
reply
Show more comments

World News

!world@lemmy.world

Create post

A community for discussing events around the World

Rules:

  • Rule 1: posts have the following requirements:

    • Post news articles only
    • Video links are NOT articles and will be removed.
    • Title must match the article headline
    • Not United States Internal News
    • Recent (Past 30 Days)
    • Screenshots/links to other social media sites (Twitter/X/Facebook/Youtube/reddit, etc.) are explicitly forbidden, as are link shorteners.

  • Rule 2: Do not copy the entire article into your post. The key points in 1-2 paragraphs is allowed (even encouraged!), but large segments of articles posted in the body will result in the post being removed. If you have to stop and think “Is this fair use?”, it probably isn’t. Archive links, especially the ones created on link submission, are absolutely allowed but those that avoid paywalls are not.

  • Rule 3: Opinions articles, or Articles based on misinformation/propaganda may be removed. Sources that have a Low or Very Low factual reporting rating or MBFC Credibility Rating may be removed.

  • Rule 4: Posts or comments that are homophobic, transphobic, racist, sexist, anti-religious, or ableist will be removed. “Ironic” prejudice is just prejudiced.

  • Posts and comments must abide by the lemmy.world terms of service UPDATED AS OF 10/19

  • Rule 5: Keep it civil. It’s OK to say the subject of an article is behaving like a (pejorative, pejorative). It’s NOT OK to say another USER is (pejorative). Strong language is fine, just not directed at other members. Engage in good-faith and with respect! This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.

  • Rule 6: Memes, spam, other low effort posting, reposts, misinformation, advocating violence, off-topic, trolling, offensive, regarding the moderators or meta in content may be removed at any time.

  • Rule 7: We didn’t USED to need a rule about how many posts one could make in a day, then someone posted NINETEEN articles in a single day. Not comments, FULL ARTICLES. If you’re posting more than say, 10 or so, consider going outside and touching grass. We reserve the right to limit over-posting so a single user does not dominate the front page.

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.

Lemmy World Partners

News !news@lemmy.world

Politics !politics@lemmy.world

World Politics !globalpolitics@lemmy.world

Recommendations

For Firefox users, there is media bias / propaganda / fact check plugin.

https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/

Community stats

  • 12K

    Monthly active users

  • 16K

    Posts

  • 275K

    Comments

Community moderators