192 points pera | 15 comments
1. OutOfHere No.45108214
There are three main categories of entry into a device via zero-days: WhatsApp/Signal, SMS/MMS, and Firefox/Chrome/Safari. If these can be isolated, entering a device could become harder.
replies(4): >>45108228 #>>45108305 #>>45109523 #>>45112057 #
2. mandeepj No.45108228
I wonder if those apps can be operated from a secure vault or conclave

Edit:

Something like this, but for phones

https://learn.microsoft.com/en-us/windows/security/applicati...

replies(2): >>45108512 #>>45109245 #
3. No.45108305
4. OutOfHere No.45108512
I already have two secure conclaves in my phone, and they're already used up for other apps, e.g. finance apps, etc. One of them uses Work Profile and the other uses Knox. I don't think that more such regions are allowed on non-rooted Android.

As for iOS, to my knowledge it doesn't allow for any such app segregation.

In general, we need stronger per-app isolation such that a zero-day affecting one app doesn't grant any access to anything else.

replies(1): >>45108560 #
5. mandeepj No.45108560{3}
Seems like you have an Android! I wrote my parent comment in the context of an iPhone. Sorry for not clarifying earlier.
6. exceptione No.45109245
https://grapheneos.org/features

(Microsoft and security are distinct concepts, btw.)

7. upofadown No.45109523
SMS is inherently plain text. I think a user would have to click on a link for an attack to work.
replies(2): >>45109586 #>>45110313 #
8. PieTime No.45109586
They have developed zero click exploits before
9. OutOfHere No.45110313
Link previews would do the trick, and let me confirm that the Google Messages app for SMS does show link previews with no way to disable them.

"Expressive animations" are yet another vector because their rendering can be exploited.

As for MMS, it is a known prominent risk.

10. const_cast No.45112057
For all y'all Linux users: run your browsers in a container. You can isolate Firefox to just ~/Downloads using Flatpak, it's really easy. Stops those pesky zero-days from causing too much damage. Also everything just works.
replies(1): >>45112269 #
11. OutOfHere No.45112269
Is there really a recommended Docker image for Firefox? And does it really work with a UI? Or did you mean to use Flatpak? Can it be run from a Mac?
replies(2): >>45112802 #>>45115271 #
12. soraminazuki No.45112802{3}
I don't think you need to do anything for macOS. It already has a permission system for filesystem access.
replies(1): >>45114733 #
13. OutOfHere No.45114733{4}
Zero-day exploits for web browsers routinely compromise the entire system, even on macOS. Even without admin access, the exploit can do significant harm.
replies(1): >>45117834 #
14. const_cast No.45115271{3}
I believe Flatpak is Linux-only. There's a UI to edit Flatpak settings from KDE settings, or you can use Flatseal.

You can do tons of neat things with it. You can also cut off environment variables, cut off the x11 socket, only allow certain dbus channels, etc. You don't need a docker container or anything, Flatpak is a container technology.

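The lockdown const_cast describes in comments 10 and 14 (Firefox confined to ~/Downloads, x11 socket removed, environment trimmed, D-Bus names allowed or denied individually), as an added example that is not part of the thread and not Flatpak's or Mozilla's own code. It assumes the Flathub app ID `org.mozilla.firefox`, a Wayland session (once x11 is cut, Firefox needs the wayland socket to draw; check what the app ships with via `flatpak info --show-permissions org.mozilla.firefox`), and that the D-Bus names and the environment variable used here are illustrative choices, not a vetted policy.

```shell
#!/bin/sh
# Added example: confine the Flathub Firefox with per-app Flatpak overrides.
# Not from the thread or from Flatpak/Firefox upstream. Assumptions: app ID
# org.mozilla.firefox, a Wayland session, and example D-Bus/env names.
set -eu

APP_ID="${APP_ID:-org.mozilla.firefox}"   # assumed Flathub ID

# 1. Interactive way: each flag maps onto one key of the override file in (2).
#    Run with FLATPAK_EXAMPLE_APPLY=1 on a machine that has flatpak installed.
apply_with_cli() {
    flatpak override --user \
        --nofilesystem=host \
        --nofilesystem=home \
        --filesystem=xdg-download \
        --nosocket=x11 \
        --unset-env=SSH_AUTH_SOCK \
        --no-talk-name=org.freedesktop.secrets \
        --talk-name=org.freedesktop.Notifications \
        "$APP_ID"
    # Show the effective overrides so the change can be reviewed.
    flatpak override --user --show "$APP_ID"
    # Inspect what the sandboxed process actually sees in its environment.
    flatpak run --command=env "$APP_ID"
}

# 2. Declarative way: the file flatpak reads from
#    $XDG_DATA_HOME/flatpak/overrides/<app-id> (flatpak-metadata(5) syntax;
#    a leading '!' negates an entry, xdg-download is the XDG Downloads dir,
#    unset-environment is the key --unset-env writes in recent flatpak).
render_override() {
    cat <<'EOF'
[Context]
filesystems=xdg-download;!home;!host;
sockets=!x11;
unset-environment=SSH_AUTH_SOCK;

[Session Bus Policy]
org.freedesktop.Notifications=talk
org.freedesktop.secrets=none
EOF
}

# install_override [DATADIR]: write the file where flatpak looks for user
# overrides; DATADIR defaults to ~/.local/share/flatpak. Prints the path.
install_override() {
    datadir="${1:-${XDG_DATA_HOME:-$HOME/.local/share}/flatpak}"
    mkdir -p "$datadir/overrides"
    render_override > "$datadir/overrides/$APP_ID"
    printf '%s\n' "$datadir/overrides/$APP_ID"
}

# check_override FILE: succeed only if the file really cuts home and x11,
# i.e. the two things that matter most for a browser zero-day.
check_override() {
    grep -q '!home' "$1" && grep -q '^sockets=.*!x11' "$1"
}

# Stand-alone run: apply live if asked and flatpak exists, else just render.
if [ "${FLATPAK_EXAMPLE_APPLY:-0}" = 1 ] && command -v flatpak >/dev/null 2>&1; then
    apply_with_cli
else
    render_override
fi
```

Wayland sessions only: with `sockets=!x11` and no wayland socket, Firefox starts with no display. The same edits can be made in Flatseal, which writes this file for you; `flatpak override --user --show` is the quickest way to confirm what is actually in force.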
15. soraminazuki No.45117834{5}
The native permission system still works for limiting filesystem access. As for the kinds of things you're describing, I don't think containerization is an effective enough countermeasure. At least definitely not Docker, which includes a root daemon that can be made to run arbitrary commands. A VM, possibly with some of the host integration features disabled, is a better option but is more costly in terms of setup, usability, and power usage. For many, the cost far exceeds the risk.
The native permission system still works for limiting filesystem access. As for the kinds of things you're describing, I don't think containerization is an effective enough countermeasure. At least definitely not Docker, which includes a root daemon that can be made to run arbitrary commands. A VM, possibly with some of the host integration features disabled, is a better option but is more costly in terms of setup, usability, and power usage. For many, the cost far exceed the risk.