Isn’t there a very well-known Isreali tech company that can break iPhone encryption given enough times? This isn’t just a feeling but I also think there’s some zero-days intelligence agencies have planted and could be hiding
I swear to God, the government has done a good job of making people forget about the Snowden leak.
Many governments, all over the world, but especially the U.S. and China, can and are installing physical hardware backdoors into essentially every consumer grade phone and computer in the market.
Did they even have to do any job?
There was a story from the podcast ‘Darknet Dairies’ where it was discovered that a journalist’s phone had tracking software uploaded to their phone in a zero click text. The target’s phone received a text in the middle of the night that uploaded the software and then deleted any history of the text being received. I think this is one of features of the Pegasus software sold by the NSO Group. And that was 5 or 6 years ago.
It totally depends on your definitions and which government you’re talking about. Israel’s use of pegasus malware to exfiltrate sensitive information from journalists and detractors is notorious. Considering how tight big tech in the US is with fascists (and the history of the NSA), it wouldn’t be a huge leap of logic to assume that they are at least trying to get backdoors installed and are making off the books deals with tech companies to acquire information extrajudicially.
I’m pretty sure they’ve broken into my phone a few times.
And got severely disappointed.
Of course they can, and do.
There used to be a time people would watch what they saud on their landlines while talking for fear they were being wiretapped.
Now nearly everyone is asking their wiretap for chili recipes and other dumb things.
Do you have a good chilli recipe to share?
Sorry. Best I can do now is 20 different AI written recipes that are all slight deviations from a single mediocre chili recipe written by an influencer 8 years ago.
My understanding is they may be able to but to do so risks publicizing secret exploits, which could then be fixed. So they usually save these for very high profile targets to make sure it’s worth it.
Which is why people just use Cellebrite, or however those Israeli cunt muffins spell it, as the benchmark.
GraoheneOS FTW
Exactly. If they want my erotic Pokemon fanfic, they’re going to have to earn it…
you’re not wrong, and it’s not really a conspiracy, it’s fairly well-documented at this point
there’s a whole industry of companies called ‘exploit brokers’ and surveillance vendors that sell smartphone compromise capabilities to governments. the most famous is NSO Group, an Israeli firm whose product Pegasus was used by governments worldwide to silently compromise iPhones and Android devices, including targeting journalists, activists, and political opponents. Amnesty International and Citizen Lab have forensically confirmed infections on real devices. this isn’t speculation; it’s documented in court filings and peer-reviewed technical research
the way it works is through what are called zero-days: software vulnerabilities that even the phone manufacturers don’t know about yet. these can be worth millions of dollars on the open market. governments and their contractors hoard them, sometimes for years, to maintain access capabilities. Apple and Google are constantly patching these when they discover them, which is why you see urgent security updates
so the ‘we can’t break into it’ statements from agencies like the FBI are more nuanced than they appear. what they often mean is they can’t break into it cheaply, at scale, without vendor cooperation, not that it’s impossible. they’re usually pushing for backdoors built into the software so they don’t have to rely on expensive zero-days or third-party vendors like Cellebrite
the problem is that any backdoor you build for the “good guys” is also a vulnerability that adversaries can find and exploit. security researchers largely agree you can’t have a backdoor only the right people can use, it doesn’t work that way technically
so your instinct is right. the public debate is somewhat theater. the real capabilities exist, they’re just expensive, targeted, and something governments don’t want to fully disclose because it would reveal sources and methods
To add to this, there’s the cost trade. To use one of these 0days as a resource means the result needs to be equal to or more than the cost of using this. If it cost my opponent $3 to cause a problem, and it costs me $6 to fix it, my opponent effectively profited off of that exchange. I can’t think of a single journalist since Watergate that could cost the government enough money to be worth paying for this kind of removal when it’s far cheaper to
have them murderedlet them die peacefully in their sleep from bullet inhalation. Not to mention that it shows their hand if they so it publicly and makes future targets harder to hit.You and I will never be worth the kind of money that currently takes, but if they get an official back door installed the cost goes down so far that it would literally never be a loss.
In 2020, the European Court of Justice declared the Privacy Shield agreement, an agreement on data exchange with the US, incompatible with European law and thus effectively terminated it, not because of the activities of any corporations, but because data stored on US servers is not sufficiently protected from access by the US government (Schrems II ruling). The reason for this is the absurd legislation in the US, such as the Patriot Act, which, although it has been weakened, still allows the state to force any company or private individual to hand over all data processed on servers physically located on US soil, even without any suspicion or a court order.
As a result, all US companies doing business in the EU were forced to operate servers on European soil in order to continue their activities legally. European companies that used US providers that did not comply had to switch to providers that do not operate servers in the US.
Unfortunately, it took only 21 months for US lobbying to undermine the European Court of Justice’s decision: in 2022, a follow-up agreement was adopted, the “EU-U.S. Data Privacy Framework,” which is no different from its predecessor at all. The legal situation remains the same in the US, and once again there is no protection of data from the US government.
In short, anyone who uses services that are processed on US servers is not protected from arbitrary access by the US - and this also applies to EU citizens.
You’re forgetting about the Cloud Act which allows the US government to get data from cloud providers even if it isn’t stored in the US.
Thanks for pointing that out. I’ll definitely take a look at that. It’s remarkable how the US has managed to maintain an image of “freedom” for years, even though it uses autocratic surveillance methods not only only on any other country but on its own citizens - and also for years and years. You almost have to be grateful to Trump for revealing all this in such an incredibly stupid way, just to enrich himself.
I’ve been certain of it for years. I’ve assumed the NSA can access any american made technology since the Patriot act, IDF any Israeli made piece of technology, CCP any Chinese made…
CCP any Chinese made
NSA can access any american made technology since the Patriot asct
Behold:
a “Google Play Certified” phone that is probably gonna be in made in China
the double whammy
With an Israeli made VPN client on it.
It’s a big club.
Just because they are out to get you, it doesn’t mean you’re not paranoid.
There is no doubt governments hoard 0-day vulnerabilities. We saw that with the Shadow Brokers and Eternal Blue.
When a government says they can’t break into a system, what they are really saying is we don’t want to tell the court how we did this in order to establish the chain of custody for evidence also , we don’t want the vendor to fix it.
With all that said there are limits. Like being able to listen to your phone when it’s off, or turn it on remotely is just wrong
Feeling? Have you seen Snowden’s leaks? It’s a fact.
They can get into most phones for sure, and even if you have GrapheneOS in a paranoid config they can get you if they put in significant effort. They will come at the data from a direction that doesn’t require compromising the phone itself if that’s too much challenge. You need to think about the total attack surface, the phone itself is just one thing. Ultimately it’s about what resources are necessary to get what they want, for most phones the resources are relatively minimal but also most people are not worth the resources to them.
You have to look at jail breaking iOS as one of the most powerful security movements in the history of computing.
Every time a new exploit would come out, jailbreakers would open source it, give out every detail. So Apple could fix it. That made the OS very secure. Like, to the point where jail breaking is in one way no longer possible.
Remember the time when you could jailbreak your phone just by downloading a PDF file? Imagine jailbreakers not open sourcing that but selling it to a shady company or government. Suddenly, every PDF file you get in an email can complete take over your phone.
You’re right - exploits exist that these companies hide from the people and from mobile manufacturers. They do so because they’ve built multi-million dollar models for using these exploits against people they want to target. But is there a universal exploit for all iOS? No. If it were, someone would be loading cydia on it and uploading a grainy video on X or whatever.
I remember the days where jailbreaking didn’t even need a download. There was a website you’d visit and there was a slider that said something like slide to jailbreak and then it was done! What a glorious time that was.
