Over the weekend, an international consortium of news outlets reported that several authoritarian governments — including Mexico, Morocco and the United Arab Emirates — used spyware developed by NSO Group to hack into the phones of thousands of their most vocal critics, including journalists, activists, politicians and business executives.
A leaked list of 50,000 phone numbers of potential surveillance targets was obtained by Paris-based journalism nonprofit Forbidden Stories and Amnesty International and shared with the reporting consortium, including The Washington Post and The Guardian. Researchers analyzed the phones of dozens of victims to confirm they were targeted by the NSO's Pegasus spyware, which can access all of the data on a person's phone. The reports also confirm new details of the government customers themselves, which NSO Group closely guards. Hungary, a member of the European Union where privacy from surveillance is supposed to be a fundamental right for its 500 million residents, is named as an NSO customer.
The Mobile Verification Toolkit, or MVT, works on both iPhones and Android devices, but slightly differently. Amnesty said that more forensic traces were found on iPhones than Android devices, which makes it easier to detect on iPhones.
The toolkit works on the command line, so it's not a refined and polished user experience and requires some basic knowledge of how to navigate the terminal. We got it working in about 10 minutes, plus the time to create a fresh backup of an iPhone, which you will want to do if you want to check up to the hour.
[Also Covered By]: GIZMODO
(Score: 1, Funny) by Anonymous Coward on Wednesday July 21 2021, @08:47AM (5 children)
That's why those of us in the know stick to nokia flip-phones.
(Score: 3, Touché) by FatPhil on Wednesday July 21 2021, @09:48AM (3 children)
Still using my Nokia N900...
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2, Informative) by Anonymous Coward on Wednesday July 21 2021, @10:47AM
I basically had to get a smart phone this year because my bank starting to require it for them to do their AML/KYC policy (scanning your ID card chip through the phone). Since then more banks here are following the smart phone app hype, because they claim it is more secure (than their own old school identifier gizmo that has an air gap). I once tried to go into discussion with someone from my bank, but got stuck somewhere between "that's policy now, I can't help you further" and can't argue with stupid.
(Score: 2) by shortscreen on Wednesday July 21 2021, @06:29PM (1 child)
I had to get a new phone recently, because the carrier was changing networks and going to VoLTE. There were still two flipphone options: Alcatel Goflip 3 and Coolpad Snap. But they want eighty bucks for these things now, even though they look like the same old junk to me.
So I started looking at other phones. They are all the same design. A few inches wide, a fraction of an inch thick, and very long. If I had to name this design, I would call it the 'broadsword'. I went through one carrier's list of every phone that they claimed would work on their network and did an image search on models from each brand. All the same thing. Broadswords everywhere.
(Score: 2) by FatPhil on Wednesday July 21 2021, @06:46PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Informative) by KritonK on Wednesday July 21 2021, @10:46AM
Naaah, I use a Nokia 3310. No need to bother with flipping the phone open/closed all the time, the battery lasts almost forever, and the device does everything I need from a phone (i.e., make and receive phone calls).
(Score: 4, Insightful) by Runaway1956 on Wednesday July 21 2021, @09:15AM (6 children)
The command line, or CLI, is as refined and polished as things get. Anything and everything else that runs on top of, or above, the CLI is an obfuscation that separates you from the operating system. Got an application that doesn't work? You have no clue why it's not working? Fire up a CLI and invoke your application, and read the errors. Now you have something to report to the IT guy!
"Your application, 'Groovin with Bart', "eat my shorts at line 241: error 37 No shorts found."
(Score: 2) by PiMuNu on Wednesday July 21 2021, @12:27PM (2 children)
CLI is obfuscated by bash (or whatever is common nowadays).
(Score: 2) by Subsentient on Wednesday July 21 2021, @04:11PM (1 child)
Bash is still dominant. Cmon, bash is good, and it's been around for decades. It actually improves upon POSIX shell in meaningful ways, and everybody knows bash.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 3, Touché) by PiMuNu on Wednesday July 21 2021, @04:43PM
I know, just being pedantic.
(Score: 2) by fakefuck39 on Wednesday July 21 2021, @06:01PM
well, this CLI does not work for my android phone, and I have no idea why it's not working. Of course, i have a weird degoogled rom, and half the apps don't work either. but I'm also pretty sure Pegasus wouldn't work on it either. What's annoying is half the banks out there only give you the chat and check deposit options through their banking app, which don't run on my phone, and not on their website.
(Score: 0) by Anonymous Coward on Thursday July 22 2021, @06:10PM (1 child)
(Score: 3, Touché) by Runaway1956 on Thursday July 22 2021, @08:31PM
I can beat CLI. I drive analog.
(Score: 4, Touché) by Anonymous Coward on Wednesday July 21 2021, @10:12AM (1 child)
#include
bool hasPhone;
"Do you have an iPhone or Android phone?" >> cout;
cin >> hasPhone;
if hasPhone {
cout "Yes, NSO’s Pegasus Spyware Targeted your Phone";
}
(Score: 2) by richtopia on Wednesday July 21 2021, @05:54PM
"Do you have a Windows phone?"
"I'm sorry"
(Score: 2) by Subsentient on Wednesday July 21 2021, @04:05PM (4 children)
*Laughs maniacally in pinephone*
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 1, Interesting) by Anonymous Coward on Wednesday July 21 2021, @08:11PM (3 children)
It really isn't optional anymore. Either Pine or the Librum are the only options at this point. A "Degoogled" eBay special clunker is a distant second because you still don't get access to the modem side. Pinephone is doing an early access (i.e. for the brave or developers) to an almost entirely open stack in the modem itself, including a mainline kernel. A few blobs will remain for the DSP, nobody is insane enough to want to monkey around with the actual radio. But embedding spyware into the modem should be pretty impractical with everything else compiled by the community.
(Score: 2) by hendrikboom on Wednesday July 21 2021, @10:13PM (2 children)
Yes, Pinephone and Librem are attractive, mainly for Linux interperability, but also for some modicum of privacy and security.
On my phone I use several features that as far as I know are not part of the usual GNU/Linux systems:
(1) make and receive phone calls, of course (I presume these phones can do this)
(2) Facebook Messenger Lite -- for which I'll need a to interoperate.
(3) SMS messaging (probably present on both phones)
(4) cashing cheques by photographing them using my bank's app.
Any idea how (2) and (4) can be done on the Pinephone or Librem?
-- hendrik
(Score: 1, Funny) by Anonymous Coward on Wednesday July 21 2021, @10:59PM
The inability of Pinephone and Librem to communicate with other phones is paramount to their security.
(Score: 1, Interesting) by Anonymous Coward on Wednesday July 21 2021, @11:46PM
If you can't use Fakebook through a browser or PWA you would be out of luck. But since any "app" for it is almost infested spyware, this is part of the plan.
You will never have banking apps on any device the powers that be do not own. You seem to be missing the whole point.
And yes, Pinephone does SMS pretty solid, calls is 90% there and MMS support is rolling out through the various distros now. Wifi and 4G data are also dependable. Both Firefox and Chromium are available for browsing. Everything is still very alpha though. Depending on which distro you boot you might not even have a viable notepad, todo or calendar yet. Development is at a furious pace though. If you want to experience a ground floor Linux, buy a Pinephone. It is like 1994 all over again. We know how that ended up, fairly confident this also ends up with something short of world domination but close enough for our needs.
(Score: 0) by Anonymous Coward on Wednesday July 21 2021, @08:07PM (5 children)
Imagine being so innocent that you don't know the U.S. is using the same, or more advanced, tools against political dissidents in the U.S.
(Score: 0) by Anonymous Coward on Wednesday July 21 2021, @08:38PM (2 children)
you mean selling these tools to Algeria and Pakistan and the Saudis?
(Score: 0) by Anonymous Coward on Wednesday July 21 2021, @10:09PM (1 child)
All Muslim countries... why would the US be helping its mortal enemies?
(Score: 0) by Anonymous Coward on Wednesday July 21 2021, @11:50PM
You missed Mexico is on that list. In the frickin' summary, you didn't even need to RTFA to get that clue. There are more. More we know about today and more we will learn of. It is always this way, a constant drip of admissions, circling back and revising of past statements. They know the lies won't hold for long but since they never pay a price for being caught lying they keep doing it.
(Score: 1, Informative) by Anonymous Coward on Thursday July 22 2021, @01:02AM
No that's not how it works. The rest of the 5-eyes spy on our citizens and we spy on their citizens. They then swap information. Avoids the legalities of spying on your own citizens.
(Score: 0, Offtopic) by khallow on Thursday July 22 2021, @12:13PM
We couldn't have a substantive discussion about this without a little whataboutism.
(Score: 1) by khallow on Thursday July 22 2021, @12:19PM (1 child)
From the attached "explanations" to the Charter of Fundamental Rights (which is adopted as part of the EU constitution).
When rights hold, except for huge loopholes that are easy to invoke, then they aren't really rights.
(Score: 1) by khallow on Thursday July 22 2021, @12:23PM