• Russia appears to be targeting journalists with spyware known as Pegasus.

  • Pegasus is a “zero-click” software, hacking phones by sending texts that don’t need to be opened.

  • The software has targeted dozens of journalists, activists, and politicians in recent years.

  • peopleproblems@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    9
    ·
    1 year ago

    As much as I want to believe this is effective, all it looks to do is turn your phone into… a phone.

    If they can get cell records, they can track you.

    SMS isn’t end-to-end encrypted, once it leaves your phone to the network it’s fair game. Given that Russia controls Russian Telecom, you can be fairly certain that a phone call and an SMS are monitored.

    At that point, you’re left with the old school one-time pad. And I can bet on Russia being Russia, so if they see a one-time pad in use, they’re just going to pick you up and beat you to death until you talk.

    • ysjet@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      Which is why these people don’t use sms or standard calling. They use something like Signal.

      • ours@lemmy.film
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        1 year ago

        Signal is great but if the phone itself is compromised it won’t help much.

    • WaLLy3K@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Lockdown mode was released as a countermeasure specifically against Pegasus the first time it made the rounds as it disables many ways that are commonly exploited as the initial vector point - mainly attachments, links and previews in texts, as well as certain complex web browsing technologies.

      I’ve had Lockdown mode on since it’s been released. I miss having 2FA code autofilled from text messages, and there’s the occasional website that’ll need to be whitelisted as it may display an emoji instead of a custom font… but aside from that, it’s barely an inconvenience.

      Your telco is always going to be a weak point in a scenario like this, but better that than your phone because a hostile actor sent you a text message that embedded silent persistent spyware.