'Karma': A hack used by the UAE to break into iPhones of foes | Better HN

224 comments

109 comments · 20 top-level

zaroth7y ago· 21 in thread

Whether or not this hack was developed with the help of Apple (a “backdoor”) or by a third-party exploit, this is exactly what a “golden key” looks like after it gets in the wild.

An espionage tool developed by a major world power proliferates to totalitarian regimes, aided and operated by ex-NSA agents on the payroll, to compromise human rights activists and the political opposition.

If ever there was proof that our devices need to be striving — constantly striving — for absolute security, and can never allow any “trusted party” an authentication or encryption bypass, this article is it.

An exploit like this is incalculably valuable to intelligence agencies. That the exploit would proliferate is undeniable. And the ends to which it would be (has been) used is atrocious.

Probably the only thing different about how intelligence agencies exploited this, and how they would exploit a golden key, is that with the golden key they would be sweeping up every photo on every device, and not just some photos on some devices.

“It was like, ‘We have this great new exploit that we just bought. Get us a huge list of targets that have iPhones now,’” she said. “It was like Christmas.”

lawnchair_larry7y ago

Nobody credible believes for a second that Apple was involved, for whatever it’s worth.

zaroth7y ago

I was not trying to suggest that, I was trying to convey that once a spy agency has remote access (sanctioned or otherwise) we can see by this example how it is proliferated and abused.

> "Nobody credible..."

Your implication that doubting Apple is incredulousy, is ludicrous! Why is Apple so damn special?

At this point, there isn't any evidence that Apple is involved, and yes, they go on a PR blitz to focus on privacy and security, and get hit pieces published on how "privacy is a feature on the iPhone". But the history of backdoors suggests that no one voluntarily reveals them (Intel, Cisco, Juniper,...). In many cases, how the backdoors made their way in is a closely guarded secret, specifically to enable plausible deniability.

It's best not to put a company on a pedestal, like some religious cult.

equalunique7y ago

Can't tell if you mean credible as in credible or credible as in "credible"

Could you please provide some sources?

aboutruby7y ago

Could be some rogue employee, could be a legitimate employee under constraints / influence of an organization, etc. The NSA tried to do it with Linux quite a few times.

Nobody?

https://9to5mac.com/wp-content/uploads/sites/6/2018/04/cook4...

bawana7y ago

Isn't the UAE muslim? Why Christmas? or is it because UAE dollars bought Christian mercenaries? We are still in the middle ages and the crusades are still raging. Time to get rid of money - or at least build walls that prevent money from crossing borders as well as criminals. We are not worthy of the the technologic advances that a few geniuses have bestowed on us.

_mitch7y ago

That quote is attributed to a former NSA employee. Something being "like Christmas" is a popular American phrase that doesn't indicate one's religion.

There's an awful lot of stuff going on in that comment :p Didn't really understand what the focus was.

house_atr7y ago

"Totalitarian regime" I stop reading whenever I hear doublespeak. You need to find a new way to address countries that aren't western democracies. Especially since the rest of the world is catching up, you won't hold this monopoly on labels for much longer.

Godel_unicode7y ago

Connotations aside, totalitarian is an accurate description of the majority of the UAE. Most of it's citizens live in constituent Emirates which are absolute monarchies. Dubai is a notable exception as a constitutional monarchy, although the relative strength of the monarch is not exactly set even there.

frostburg7y ago

Those countries being relatively more powerful doesn't directly make their governments less unethical. Giving lip service to their propaganda doesn't help either.

Also, if you're talking about the mid east and not, say, China, the future doesn't really look bright.

FakeComments7y ago

I disagree with the conclusion of absolute security — it won’t happen, and only encourages subversion by people who both need and have a right to access the content.

Instead of pontificating, the tech industry should innovate.

There’s no reason that hashchains can’t be used to timelock the key, and the enclave export it in response to a signed request. Then we can at least force the compromises through the legal system and require effort to reverse the hashchain. That kind of court authorized targeted access removes the incentive (and justification) for other actors to more deeply compromise the system. In turn, this let’s us provide more security, in practice.

What’s not going to sell, and what the tech industry needs to get over is “lulz, it’ll impossible to intercept military or terrorist information because I need absolute privacy for my saucy emails”. I think it’s been empirically demonstrated that won’t happen.

Be part of the solution.

nothrabannosir7y ago

This sounds like a first order objection to a second order concern.

In particular:

> What’s not going to sell, and what the tech industry needs to get over is “lulz, it’ll impossible to intercept military or terrorist information because I need absolute privacy for my saucy emails”

Seems to be an ironic mischaracterisation of the parent’s point, which was precisely that one coubtry’s terrorism is another’s gay rights activist or high ranking foreign official.

From the article:

In 2017, for instance, the operatives used Karma to hack an iPhone used by Qatar’s Emir Sheikh Tamim bin Hamad al-Thani, as well as the devices of Turkey’s former Deputy Prime Minister Mehmet Şimşek, and Oman’s head of foreign affairs, Yusuf bin Alawi bin Abdullah. It isn’t clear what material was taken from their devices.

“Saucy e-mails” is a bit tone deaf :(

Wouldn't the police have a "right" to know if a person has any weapons? Detaining everyone and performing a full cavity search for any and all infractions is just the police exercising their "right" to such information. Will you be the first to bend over and spread for the cops "right" to peace of mind?

"That it is better 100 guilty Persons should escape than that one innocent Person should suffer, is a Maxim that has been long and generally approved."

techntoke7y ago

C'mon everyone, be part of the solution like this person says. The intelligence agencies will never abuse their power. You can trust them. /s

If I want to have a private conversation where the details of what are said are undiscoverable, I believe that's a right that people should have in a "free country", including over the internet, over phone, and so on. The fact is, I can, using some combination of math and secrets, accomplish this.

I don't think anyone on earth has the right to collect/record/see the contents of my communications other than me and the other participants, until there's reasonable suspicion of a crime.

Covert dragnet snooping is an evil means to any end, and it damages the moral standing of the society that does it.

> What’s not going to sell, and what the tech industry needs to get over is “lulz, it’ll impossible to intercept military or terrorist information because I need absolute privacy for my saucy emails”. I think it’s been empirically demonstrated that won’t happen.

It's very much the other way. Strong encryption algorithms have been available to the public for a long time now. You can ban using them, but the only way to effectively enforce that ban would be for the government to require that all devices capable of running code from external sources run only code that's signed by that government.

Without that, you can ban all you want, but terrorists and others who need that stuff will have it anyway. So the only effect would indeed be no privacy for saucy emails. Of course, intelligence agencies would love that, since it would allow them to have a society-wide dragnet.

sobellian7y ago

The objections to a golden key are irrespective of whatever system permits the golden key access. Your hashchains are completely irrelevant. The courts will use some key to sign their request, and that key will leak.

Cryptography reduces message security to key security, nothing more.

FakeComments, can you tell who you are?

pizza7y ago· 20 in thread

If the US government gives itself the right to install backdoors / exploit vulnerable software (as opposed to notifying companies about vulnerabilities) then I feel pretty uncomfortable about ex-government hackers just becoming freelance mercenaries using knowledge they may have gleaned from those ops once they move onto their next gig.

I can't think of a great solution to this problem.

TimTheTinker7y ago

> I can't think of a great solution to this problem.

There's really only one "final solution" to the problem in the purely technical realm. That would be to make provable security (in the theorem-proving sense) a non-negotiable requirement to all digital logic (both hardware and software) running on networked devices. I don't know if there's even a workable definition that would rigorously describe the goal of such an effort.

... But I believe that if provable security was important enough to everyone (just like "winning the war" in the 1940s or "getting to the moon" in the 1960's), we might possibly achieve it -- at least below the OS syscall level in a few major OSs and in several important userland libraries.

However, that ignores the human element of security, which can't ever be completely solved via mere human effort. People will always be vulnerable to social engineering, for example.

iheartpotatoes7y ago

I think your solution needs to extend to the hardware components on the board.

High security MCUs go through great lengths to defeat sideband attacks on the package (some really neat stuff too like failing if exposed to die shaving).

There are secure bus initiatives but they don't extend to the BOM (bill of materials) for all the components.

On top of that, GUI techniques for obscuring physical input (keyboards, UI touches) are needed.

Given Apple's posturing and patch release cadence, I think/feel they are on the side of privacy. Android too. We're on the right track, I wonder if eventually tech will win the arms race for exploits like this? (The rubber hose exploit will always work...)

jdsudo7y ago

"final solution" is generally a poor phrase to use: https://en.wikipedia.org/wiki/Final_Solution

bb887y ago

So, "provably secure" is a catch-22.

If something can be created to be provably secure, then it can be an argument for government legislating a back door.

"You said it's provably secure. Now you can give us provably secure access too without hurting your customer's privacy or security, because they're protected by the 4th amendment."

I don't think this can be solved by technology, I think this comes down to politics of freedom, if you get right down to it. And it looks like you're going to have to have that fight anyway.

acqq7y ago

> I can't think of a great solution to this problem.

The mentioned government agencies have the "NOBUS" belief: that the concept of "NObody But US" (having access to the "keys to the secrets") works.

This article is just one of a many good examples that it doesn't.

What could work are just the systems which are secure without any exceptions. Which is hard to achieve when enough powerful influences (most often directly or indirectly tax funded, even if not explicitly government organizations) do all they can to make that not happening. It's then easier than it appears to be to achieve the goals of nobody having an access to a really secure system.

An example:

https://en.wikipedia.org/wiki/Dual_EC_DRBG

"In September 2013, The New York Times reported that internal NSA memos leaked by Edward Snowden indicated that the NSA had worked during the standardization process to eventually become the sole editor of the Dual_EC_DRBG standard,[7] and concluded that the Dual_EC_DRBG standard did indeed contain a backdoor for the NSA.[8] As response, NIST stated that "NIST would not deliberately weaken a cryptographic standard."[9] According to the New York Times story, the NSA spends $250 million per year to insert backdoors in software and hardware as part of the Bullrun program.[10]"

cryptonector7y ago

You can make it illegal for ex-NSA employees to use their knowledge of exploits learned while on the NSA payroll. It may well already be the case for all I know.

TomMckenny7y ago

I hope with all my heart this is treated as the treason it is and not a "plausibly deniable" part of this recent policy of sucking up to brutal Arabian dictatorships regardless of atrocity.

luxuryballs7y ago

how about we make it illegal to hack into systems unauthorized? oh wait...

Quitting your job doesn't let you expose classified secrets, no.

YayamiOmate7y ago

And how do you enforce it?

Hmm. Wait. Was that sarcasm?

Perfect. Then, just hope people follow rules.

dexterdog7y ago

I can't imagine that it is not.

kaybe7y ago

No ethical one at least.

luxuryballs7y ago

sounds like maybe they should get a warrant and get legitimate access on an individual basis rather than being allowed to hack everything, you don’t need to hack me if I let you in, it should be just as illegal as it is for them to poke around in my house without a warrant

The US is Dr. Frankenstein, except they didn't learn their lesson from the first monster they unwittingly released into the world and continue to pump them out.

we could elect sane leaders...

tomschlick7y ago

And that's a novel idea when they are on the campaign trail... until they start getting daily national security briefings and learn about the attempted attacks supposedly foiled by good SIGINT. No one wants to be the president who turns that firehose off and "causes the next 9/11". I believe that is what happened with Obama.

floren7y ago

Like Obama? I remember how the NSA was shut down entirely during his tenure, man that was great.

That's a pretty outrageous claim. Do you have any evidence this is possible?

LinuxBender7y ago

leaders are well insulated from such knowledge for their (legal) safety.

mont7y ago· 13 in thread

I realize it's a really sexy headline, but I'd like for there to be more than 0 proof that this is a real thing. Especially if they claim a vulnerability that's exploitable by only sending a text.

swebs7y ago

This article doesn't cite sources, but the other one cites Lori Stroud, a former developer of the application.

https://www.reuters.com/investigates/special-report/usa-spyi...

ganoushoreilly7y ago

Lauri did not develop the program. She was an solely an intelligence analyst.

bkdbkd7y ago

A much more technical description of the program. Thank you.

shittyadmin7y ago

There've been similar issues in both iOS and Android before - iOS had one recently where a text would cause repeated app crashes. Back in 2009 there was a full exploit via SMS on iOS, and just a few years back the Android stagefright exploit was barely spared from turning into a giant worm due to exploit mitigations and the diversity of devices. It's quite possible to see these attacks come to light in a much scarier way. That exploit is solid gold and they probably paid a small fortune for it.

kuuspa7y ago

I am 100% sure this is an exploit related to PDU mode SMS messages. Tons of phones of different brands are probably vulnerable to variations of this attack.

newaccoutnas7y ago

I think the asertion that it's on the baseband is correct, for sure

alasdair_7y ago

>Especially if they claim a vulnerability that's exploitable by only sending a text.

For some time, it was possible to crash some iPhones by texting them a Taiwanese flag emoji (which was censored by mainland China). https://www.cultofmac.com/561635/apples-taiwanese-flag-ban-l...

I don't know offhand if this was a buffer overflow or something else, but if you can crash the OS with a text, you . could likely exploit it instead.

saagarjha7y ago

> I don't know offhand if this was a buffer overflow or something else

It was an issue when the device's local was set incorrectly and would return NULL, leading to a crash in CFStringCompare.

The description of the hack fits StageFright perfectly[1], which was exactly what it did. The sources may have just changed the affected platform to iOS to gain some traction.

[1] https://en.wikipedia.org/wiki/Stagefright_(bug)

m-ee7y ago

A stagefright style iOS bug was reported around the time this took place

https://9to5mac.com/2016/07/22/stagefright-mac-iphone-ipad/

qaq7y ago

I would imagine details of such an exploit are worth more than A million so doubt people would be eager to share

zozbot1237y ago

There have been similar vulnerabilities in iOS before, such as the crashing bug that could be exploited by sending a single malformed ligature/combined character in some incredibly obscure Indian script.

lawnchair_larry7y ago

There is no reason to doubt this. It wouldn’t be the first time such a vulnerability was found.

DyslexicAtheist7y ago· 11 in thread

TL;DR: the US attitude ...

  *It’s fine to spy on human rights activists with all the powers of government as long as they’re not American*

... really gets to the heart of how the US treats the rest of the world. The US is the biggest terror threat in the world today. Its pains are self inflicted and it's enemies created by their very own foreign policy.

sctb7y ago

> Eschew flamebait. Don't introduce flamewar topics unless you have something genuinely new to say. Avoid unrelated controversies and generic tangents.

https://news.ycombinator.com/newsguidelines.html

DyslexicAtheist7y ago

with respect, as a non US citizen this whole article to me is deeply offensive. I/we are being targeted simply because we are second class citizens on the web. Good enough to have our data extracted by US corps but our rights are trampled on. This is the essence of it yet you're accusing me of flame-baiting? Please reflect for a minute on how just this is to anyone who has never (and will never) step/ped foot in the US. Simply saying what I say here might mean I'm being persona-non-grata and harassed at your airports[1]. All of you should reflect on this the next time you come shopping to Europe or take your SO on honeymoon to Paris, Berlin & Milan.

[1] https://www.theregister.co.uk/2017/06/28/mozilla_dev_and_cur...

brians7y ago

That’s called recognizing UAE sovereignty and not imposing our laws or values. It’s flawed, but probably the best we can do.

On the other hand, the NSA vets who went to work for the UAE knew who was paying their salaries, and knew they’d gone to the dark side the minute they crossed passport control.

RankingMember7y ago

You'd think we'd have some special regulations regarding what kind of jobs ex-NSA can have after leaving.

module00007y ago

>> ... really gets to the heart of how the US treats the rest of the world.

Really gets to the heart of how the ruling 0.0001% of the US treats the rest of the world. Fixed that for you. Some of us just live here.

DyslexicAtheist7y ago

yeah I actually thought it would be clear as crystal that when I speak of the crimes committed here we're not talking about those that pay their taxes, and struggle to get access to health-care ... Most are themselves immigrants so how on earth would anyone suggest it's the ordinary citizen here that's guilty[0]. I do acknowledge that my comment was "un-American" (not that I give a hoot).

[0] https://en.wikipedia.org/wiki/The_Untold_History_of_the_Unit...

efdee7y ago

I think the amount of Americans who couldn't care less if it's not about spying on Americans is probably substantially higher than 0.0001%.

To be clear, it's not a moral problem if the UAE spies on Americans. It's perhaps a diplomatic problem. The problem here is Americans using American secrets to spy on Americans for a foreign country.

RankingMember7y ago

Please keep in mind that what you hear coming out of Washington does not necessarily reflect the thoughts and feelings of the people it governs. I'd guess that the vast majority of Americans would not support the statement you quoted.

kevin_b_er7y ago

Yeah we take exception usually to that. With things like gerrymandering being common, the government doesn't really represent the people.

DyslexicAtheist7y ago

see my reply to module0000 from just now here. I thought that this would be a given, but clearly I was wrong.

neom7y ago· 9 in thread

Am I the only one who feels like every time we get news of a government compromising an iPhone through some mystical exploit, the technology around it seems very fanciful?

acdha7y ago

What's so fanciful about it? We know that remote exploits exist. We know that cellphones have very complex baseband processors which used to have arbitrary memory access and while they've reported been locked down it's not like there hasn't been an arms race finding ways around every other security measure. We don't need any technological breakthroughs to posit that past remote exploits were not the only ones possible.

This is the problem with things like this or the Bloomberg server story: the capabilities are plausible but there's not enough information to know whether or not they're actually true so you're in the position of having to guess about whether someone actually could implement that attack and whether they'd chose to spend that much money.

mont7y ago

Like an exploit where all you need to do is enter the target's phone number to compromise their phone?

zaroth7y ago

TFA says they need to send the target a text message.

The exploit must be something like a buffer overflow in iMessage. Which we know bugs like this have been fixed. Remember the text of death which could crash any iPhone from a couple years ago?

neom7y ago

I think more that they manage to find these exploits and rapidly build infrastructure around it to make it useful.

sneakymichael7y ago

Bear in mind that, at one time, iOS devices could be jailbroken [to run arbitrary code] by simply opening a specifically-created PDF; https://www.wired.com/2011/07/jailbreakme-3-0-unlock-your-ip...

saagarjha7y ago

Not just arbitrary code, but arbitrary code with kernel privileges!

bkdbkd7y ago

Yes. It likely that the reporters don't understand the technology involved, so their reporting on that topic is pretty vague. Humans tend to look where there's light, even if they know that't not the most likely place to find it. That said we have the words exploit, imessage, full access, email/phone number. We can piece together that they use a 'buffer overrun' style exploit to break out of iMessage, and and possibly several other exploits, till they have remote code execution on the device, and then they install a bot/server to collect data. Really difficult in practice, but a familiar pattern. IIRC there's a Wired article recently that reviews similar tech from another company, the author of that article says he sets his phone down in their office, and minutes later they have access to all his data.

It's a corollary of Clarke's law. When technology is described by someone too stupid to understand it (like nearly all journalists), the explanation makes it sound like magic, because that's how the writer sees it.

FartyMcFarter7y ago

I don't think there's anything fanciful in having a request with well-crafted data cause remote code execution. I might be missing something though.

trhway7y ago· 4 in thread

>A team of former U.S. government intelligence operatives working for the United Arab Emirates

no non-competes? So, when Snowden tells to public about mere existence of NSA hacks - it is a crime, yet when an intelligence operative brings his NSA and the likes sourced detailed technical knowledge to a foreign government - that is kosher.

Well yeah, our leaders don't care nearly as much if you go and do shady shit for other leaders as they do about you exposing their own shady shit to the general population. Don't assume the US government is ever going to act in good faith about this kind of stuff.

welcome to reality

YayamiOmate7y ago

Now imagine what's going to be possible in Australia with their compulsory surveillance laws...

Though, I wouldn't be super surprised if they banned people they forced to implement exploits from leaving country =X

What do you expect the non-competes to accomplish, exactly? Thanks, California.

cfv7y ago· 4 in thread

I can't help but giggle at the thought of Emirati hackers. For whatever reason my mind can't wrap around the fact that an extremely religious people can also be at the high end of tech (at the very least high enough to figure out 0days and such).

Does anyone have any info on since when this has actually been like this? I'd like to look up how their CS education works and that kind of stuff.

There are plenty of religious people in Hacker News. I have no idea why you would think being religious or spiritual would prevent anyone from developing technology.

My religious views do not stem from a lack of intelligence or education.

cfv7y ago

Not even talking about intelligence here. Sorry. That's an endless time waster I'm not touching.

As mentioned, for whatever reason, I'm having a hard time picturing how people who deem apostasy punishable by death can also manage, research, and exploit modern equipment, and am looking for some indication as to when exactly did they start getting good at it.

The Society of Jesuits aka Jesuits have also conducted technical research in parallel with religious pursuits. Don't see any problem.

cfv7y ago

It's not a... problem, I'm just having a tough time understanding how that works. And would love any pointers towards more or less when they started getting good at it.

cs7027y ago· 3 in thread

>Three former operatives said they understood Karma to rely, at least in part, on a flaw in Apple’s messaging system, iMessage. They said the flaw allowed for the implantation of malware on the phone through iMessage, even if the phone’s owner didn’t use the iMessage program, enabling the hackers to establish a connection with the device. To initiate the compromise, Karma needed only to send the target a text message — the hack then required no action on the part of the recipient.

Has anyone here heard about or is familiar with this malware?

pjc507y ago

I wonder if this is https://www.theguardian.com/technology/2016/jul/22/stagefrig... again, the article mentions 2016.

Seems like a likely candidate.

This is kind of old. Flaws like this are in use since ever.

http://news.bbc.co.uk/2/hi/technology/8177755.stm

DGAP7y ago· 2 in thread

No one read the other Reuters article on this - it may have been criminal for NSA employees to participate in this, at the very least it was highly discouraged. If anything this is a good argument to pay IC employees on the GS payscale better so they're less likely to take jobs with other countries.

ganoushoreilly7y ago

Large govt. contractors and sub companies run this and all the other programs like this. There is tacit approval for these ops. I'd even imagine there's a bit of intel being fed back to them from the new employees.

DGAP7y ago

"The FBI is now investigating whether Raven’s American staff leaked classified U.S. surveillance techniques and if they illegally targeted American computer networks" [1]

It's still illegal to use US classified information for a program like this and it's still illegal to target American citizens or networks.

[1] https://www.reuters.com/investigates/special-report/usa-spyi...

air77y ago· 1 in thread

I think that the idea of out-of-the-box privacy/security against even a semi-competent adversary on any computer (especially a mobile device) is completely fictitious, and these hack stories play an important role in helping people realize that.

Consider the thousands of people around the world that are involved in making phones in design, hardware, software, manufacturing, signal providers, platform providers, app writers to name a few. Any of them could be malicious actors or accidentally introduce exploitable bugs. The idea that such a complex stack can shield you from very smart and resourceful people that are actively trying to peek though is not reasonable. Everyone, especially people that are "annoying" to powerful entities (corporate or government), should assume that everything they do with their mobile phone is accessible to the people they hope it isn't.

graeme7y ago

That a good, cautious stance. That said, thus may not be a good example of it.

We don't know the imessage bug, but a big one was patched in ios 9.3.3, released July 18, 2016. Meanwhile, the article says this exploit got a lot of people in 2016/2017.

So, presumably simply updating software would have protected a lot of the victims in this case.

The higher up in adversary skill level you go, the less this works. But up to a reasonably high level simply having up to date software thwarts most adversaries, no? And conversely, if you have very out of date software, even incompetent adversaries can break in.

tlrobinson7y ago· 1 in thread

> and former American intelligence operatives working as contractors for the UAE’s intelligence services

At what point does this become considered treason?

bradleyjg7y ago

Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.

mschuster917y ago

To expect citizens to revolt against their own country and force their "secret services" to not endanger public security any more by using and buying such 0days is one thing - that's unrealistic.

But seriously, I wonder why other governments and their citizens are not demanding drastic actions, like trade suspensions, expulsion of diplomats or other sanctions, when other countries get caught in such ways of spying or otherwise just screwing all over human rights. This one would be a perfect example to take a stand on - UAE is far smaller in oil trading and political importance than e.g. Saudi-Arabia.

Or why there seems to be next to zero public funding for providing open source, auditable hardware and software that could prevent such spying in the first place? The European Union could easily fund the development of a truly FOSS Android-based phone, down to the processors. Instead everyone seems to rely on Chinese or American products, which are both subject to non-European influence (in the US via NSLs, in China due to the massive influence of the Party on any major company).

renholder7y ago

IA link[0] for people who get "Page Not Found", trying to visit from Europe.

https://web.archive.org/web/20190130135641/https://www.reute...

Overlooked: the apathy required to become techno-mercenaries started with the agents convincing themselves that spying on nationals was different than foreign nationals while working in the NSA. To resist this apathy cyber intelligence agents working for any government/corporation should deploy a moral compass that assumes they are working for the UAE.

This also begs for international conventions. New international conventions would provide a psychological back-stop against the infosec industry's unchecked nationalism. When an agent asks themselves "is what I am doing okay" international convention and law would give them an alternative to compare with other than the militarist default of "yes".

Sorry for slight meta, but does anyone know why this 323 pt 8 hour old story is near the top of the front page, while the 6 hour old 639pt story on apple blocking FB's certs is on the 2nd page?

TLC5557y ago

You have an agency like the NSA with scores of genius mathematicians and hackers and a black budget. There's nothing beyond their means, spying wise.

I suspect that one day our internal thoughts and feelings will be under constant mass surveillance, Minority Report style, but it won't look like sci-fi when it happens.

jradd7y ago

I read this as: "class of netizens who use iphone, targeted by scandal or bad actor" poignantly titled 'Karma.'

cronix7y ago

While I find this absolutely disgusting and horrifying, at the same time I hope this becomes extremely widespread and rapidly. This needs to happen to Americans. Only then will we, the collective we, wake up and actually do something and maybe start to take privacy and security seriously.

I am rapidly becoming anti tech, as I think I can clearly see where this is all going. That's hard for me to say, as my whole life has been tech focused. I'm 47 and started coding when I was 10. My whole life centers around it, and always has.

Hitler, Stalin and Mao would have absolutely loved to be alive today and have these types of tools. Maybe we need another 100M deaths to see what this kind of information and power leads to. We are recording everything we do digitally, all to be easily analyzed by whomever comes to power at some future point of time, where the rules might be different. Most of what is recorded about us we don't even know. It will also be easier to find all of the relatives, so they can be killed off too. They like to make examples and ensure no one steps out of line. They don't just kill you, they kill 1-2 generations of your family.

This data won't go away. Ever. They will know who likes what, who supports what, etc. Just a keyword search away from getting a list of names and addresses. We think we are so clever. We are building our future jail. For the first time in history, we have the ability to track every single minute detail about a persons life from birth til death, in extreme, high resolution which grows by the day. I don't just know you went from point A to point B. I know the exact route you took, how long it took to complete each segment, how long you stopped at each place along the way, what those places were, etc. That's just gps data.

I saw the 60 Minutes piece on PlanetLabs recent launch of 300 satellites. They're taking pics of the globe in very hi resolution, constantly. Better than some of our spy sats. Oh, and anyone can access that data. It's free! They showed how they were able to go back in time to when the compound that Osama Bin Laden killed in was built. They were then able to create a very accurate model of the compound which led to the raid that killed him by going so far back in time to when they started building the thing. Obviously we think that's a good thing because it led to a mass murderers death, but think about that technology.... recording everything 24/7, globally, going back years in time to reconstruct something that happened in the past... https://www.cbsnews.com/news/private-company-launches-larges...

KangLi7y ago

What about Dragonfly? Is it also assisted by the government? It is censored but it sounds like a rat trap.

Taking the sources of the article on their word...

They said the tools use faded in late 2017 due to apple patches and that compromise required only sending a text message. Examining CVE's up until late 2017 may give more of an idea of how this tool worked. Judging from a cursory review, there are many remote code exploits so it would be hard to narrow down. But this is what I chose to look at when considering CVE's between Jun 2017 and Dec 2017 that could effect iMessage. Many of these are classified as Denial of Service bugs but often those can be extended to code execution with extensive research.

IOKit https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

IOMobileFrameBuffer https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

CFString https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

CoreText https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

CoreText https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

Fonts? https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

ImageIO https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

Messages https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

Kernel: too many to count

These were compiled by reviewing the apple security mailing list https://lists.apple.com/archives/security-announce/2017

j / k navigate · click thread line to collapse