New ask Hacker News story: Ask HN: Are we entering a 0-click era?
Ask HN: Are we entering a 0-click era?
9 by apienx | 5 comments on Hacker News.
Just finished reading Project Zero's sobering blog post on the NSO 0-click iOS exploit (see googleprojectzero.blogspot.com). If an integer overflow vulnerability in iMessage's GIF codec can be turned into a pretty much full-fledged 64-bit VM, then there's simply no trusting anything more sophisticated than a tin can phone. And even if you only use a basic feature phone, you can still be targeted by 0-click (e)SIM attacks (e.g. the ones targeting S@T browser or WIB and probably many more yet-to-be-discovered flaws). Plus all the (pseudo?)-lawfully backdoored layers (pretty sure it doesn't take less-than-democratic states more than a few threatening emails to the compliance department of most banks to be get access to their banking app). Assuming that the number of 0-click exploits will increase with the complexity of our phones, do you think we're entering a great-equalizer-era where the tech-savvy political dissident has the same chance to avoid malware/interception as the novice? Or are there best practices to manage risk (compartmentalization, makeshift hardware switches, frequently changing/resetting devices, etc.)?
9 by apienx | 5 comments on Hacker News.
Just finished reading Project Zero's sobering blog post on the NSO 0-click iOS exploit (see googleprojectzero.blogspot.com). If an integer overflow vulnerability in iMessage's GIF codec can be turned into a pretty much full-fledged 64-bit VM, then there's simply no trusting anything more sophisticated than a tin can phone. And even if you only use a basic feature phone, you can still be targeted by 0-click (e)SIM attacks (e.g. the ones targeting S@T browser or WIB and probably many more yet-to-be-discovered flaws). Plus all the (pseudo?)-lawfully backdoored layers (pretty sure it doesn't take less-than-democratic states more than a few threatening emails to the compliance department of most banks to be get access to their banking app). Assuming that the number of 0-click exploits will increase with the complexity of our phones, do you think we're entering a great-equalizer-era where the tech-savvy political dissident has the same chance to avoid malware/interception as the novice? Or are there best practices to manage risk (compartmentalization, makeshift hardware switches, frequently changing/resetting devices, etc.)?
Comments
Post a Comment