-
Russia appears to be targeting journalists with spyware known as Pegasus.
-
Pegasus is a “zero-click” software, hacking phones by sending texts that don’t need to be opened.
-
The software has targeted dozens of journalists, activists, and politicians in recent years.
It’s not like Pegasus is exploiting a single bug in iOS, there are probably hundreds of different ways Pegasus got onto phones over the years. Known security bugs get patched.
Pegasus isn’t a single piece of software, it’s a big toolkit, constantly updated. It’s a race similar to ads vs. ad blockers.
It’s not a problem exclusive to iOS either. Pegasus works on Android phones as well.
Code has been analyzed from several versions of it.
That Apple (especially) can’t mitigate against it is pretty damning.
Regardless what Pegasus is made of, it exploits vulnerabilities. Use a rock, a bat, or hard boiled egg and you can break a cheap window. It’s the window that is insecure. Not the methods used.
A trillion dollar company ought to be able to put up a bit more than plexiglass.
And the mega corps ought to be working together on this. Imagine if it got out into the wild.
Remember spectre?
https://en.m.wikipedia.org/wiki/Spectre_(security_vulnerability)
I am not a lawyer.
hardware based speculation is hard to patch compared to most exploits that are just bad programming mistakes due to two factors. one being its hardware and its hard to patch out hardware and 2. fixing it would lead to severe drop in performance. A name of a very recent one would be Retbleed.
Yet, if you check your dmesg you’ll find innumerable methods of mitigation against such exploits.
A software patch for hardware issue.
Personally, I’d rather the drop in performance than the Kashoggi treatment.