undefined | Better HN

0 pointslvh9y ago0 comments

You made a specific claim: no app, easy dragnet, work ticket level, because tons of hidden 0days. I'm taking it as read that a publicly patched one doesn't count. Is there evidence for that claim in the actual documents?

Pending that, here is evidence of a counter claim. I'd repeat what tptacek said, but he's whittled it down better than I could: https://news.ycombinator.com/item?id=13811541

To cite Tony Arcieri, the only elite cryptanalysis trick in play here is "Android is a tire fire". Cue surprised gasp from security researchers.

Furthermore, you did not refute my central claim. Popping a Cisco 12k: read a bunch of unencrypted comms until detection. Target a specific person to get bit by a specific iOS exploit: maybe read some of the data until it gets patched. Surely you'll agree that one is drastically more expensive than the other?

0 comments

sqeaky9y ago

I haven't gone through all the documents but the summary does say verbatim:

> dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows

The only presumption on my part is that they are remotely exploitable, which is practically a requirement for mobile device exploits to be useful because physical access is hard to obtain. I do plan on going further through these, they look fun.

Of course encrypted communication is better for the user than unencrypted, but this is not the place for that, which is why I ignored it. This was supposed to be a discussion about massive government overreach, not petty squabbles between apps. With unfettered access to these phones there are all manner of hypothetical attacks that could go after any of these app providers and not just snoop on the communications of the users. With root access to a large number of phones and little oversight their capacity for harm is frightening, this seems more worthy of discussion.

lvhOP9y ago

The documents do not mention encrypted communications; that same summary editorialized them in.

j / k navigate · click thread line to collapse