←back to thread

ICE obtains access to Israeli-made spyware that hack phones and encrypted apps

(www.theguardian.com)
192 points pera | 4 comments | 02 Sep 25 18:12 UTC | HN request time: 0.39s | source
Show context
OutOfHere ◴[02 Sep 25 19:56 UTC] No.45108214[source]
There are three main categories of entry into a device via zero-days: WhatsApp/Signal, SMS/MMS, and Firefox/Chrome/Safari. If these can be isolated, entering a device could become harder.
replies(4): >>45108228 #>>45108305 #>>45109523 #>>45112057 #
1. mandeepj ◴[02 Sep 25 19:57 UTC] No.45108228[source]
I wonder if those apps can be operated from a secure vault or conclave

Edit:

Something like this, but for phones

https://learn.microsoft.com/en-us/windows/security/applicati...

replies(2): >>45108512 #>>45109245 #
2. OutOfHere ◴[02 Sep 25 20:23 UTC] No.45108512[source]
I already have two secure conclaves in my phone, and they're already used up for other apps, e.g. finance apps, etc. One of them uses Work Profile and the other uses Knox. I don't think that more such regions are allowed on non-rooted Android.

As for iOS, to my knowledge it doesn't allow for any such app segregation.

In general, we need stronger per-app isolation such that a zero-day affecting one app doesn't grant any access to anything else.

replies(1): >>45108560 #
3. mandeepj ◴[02 Sep 25 20:27 UTC] No.45108560[source]
Seems like you have an android! I wrote my parent comment in context of an iPhone. Sorry for not clarifying earlier
4. exceptione ◴[02 Sep 25 21:24 UTC] No.45109245[source]
https://grapheneos.org/features

(Microsoft and security are distinct concepts, btw.)