this post was submitted on 17 Sep 2023
560 points (98.8% liked)

World News

39019 readers
2249 users here now

A community for discussing events around the World

Rules:

Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to "Mom! He's bugging me!" and "I'm not touching you!" Going forward, slapfights will result in removed comments and temp bans to cool off.

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.


Lemmy World Partners

News !news@lemmy.world

Politics !politics@lemmy.world

World Politics !globalpolitics@lemmy.world


Recommendations

For Firefox users, there is media bias / propaganda / fact check plugin.

https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/

founded 1 year ago
MODERATORS
 
  • Russia appears to be targeting journalists with spyware known as Pegasus.

  • Pegasus is a "zero-click" software, hacking phones by sending texts that don't need to be opened.

  • The software has targeted dozens of journalists, activists, and politicians in recent years.

you are viewing a single comment's thread
view the rest of the comments
[–] chiisana@lemmy.chiisana.net 28 points 1 year ago (2 children)

They do, and they’ve shared the counter measure (lockdown mode) with the world.

If a nation state will individually target someone, they don’t need to doom scroll on insta (nor do they need to). Locking down the phone to the bare minimum for these kind of people is the appropriate level of response.

[–] crossal@lemmy.world 4 points 1 year ago (1 children)

How is this a solution? 🤔 and whats the "solution" for android?

[–] chiisana@lemmy.chiisana.net -3 points 1 year ago (1 children)

I don’t know Android. Sorry. Doesn’t locking down to very very limited hardened features goes against everything Android is (highly flexible customizable for power users who’d want to do that kind of stuff)?

[–] crossal@lemmy.world 1 points 1 year ago

If the feature can be turned on and off by the user then I don't think it goes against anything right, they'd still have the power?🤔 but locking down everything doesnt seem like a great fix for the average user. Bug fixes should be the real fix

[–] peopleproblems@lemmy.world -3 points 1 year ago (2 children)

As much as I want to believe this is effective, all it looks to do is turn your phone into... a phone.

If they can get cell records, they can track you.

SMS isn't end-to-end encrypted, once it leaves your phone to the network it's fair game. Given that Russia controls Russian Telecom, you can be fairly certain that a phone call and an SMS are monitored.

At that point, you're left with the old school one-time pad. And I can bet on Russia being Russia, so if they see a one-time pad in use, they're just going to pick you up and beat you ~~to death~~ until you talk.

[–] ysjet@lemmy.world 3 points 1 year ago (1 children)

Which is why these people don't use sms or standard calling. They use something like Signal.

[–] ours@lemmy.film 2 points 1 year ago

Signal is great but if the phone itself is compromised it won't help much.

[–] WaLLy3K@infosec.pub 2 points 1 year ago* (last edited 1 year ago)

Lockdown mode was released as a countermeasure specifically against Pegasus the first time it made the rounds as it disables many ways that are commonly exploited as the initial vector point - mainly attachments, links and previews in texts, as well as certain complex web browsing technologies.

I've had Lockdown mode on since it's been released. I miss having 2FA code autofilled from text messages, and there's the occasional website that'll need to be whitelisted as it may display an emoji instead of a custom font... but aside from that, it's barely an inconvenience.

Your telco is always going to be a weak point in a scenario like this, but better that than your phone because a hostile actor sent you a text message that embedded silent persistent spyware.