Phone security

For those of you on the previous whatsapp thread stating that whatsapp is a secure means of communication for government ministers. 
 

You might want to read this article.. what is most interesting in that article to me is it never once mentions whatsapp.

https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/?utm_campaign=wp_post_most&utm_medium=email&utm_source=newsletter&wpisrc=nl_most&carta-url=https%3A%2F%2Fs2.washingtonpost.com%2Fcar-ln-tr%2F342d37a%2F60f456c29d2fda945a0abd35%2F5c010267ade4e27b60671d47%2F8%2F73%2F60f456c29d2fda945a0abd35
 

Perhaps Americans don’t really use it and wouldn’t know what it is? 
 

But this software has regularly targeted whatsapp users and at one time specifically exploited aspects of that app to gain access to your phone.. 
 

The absolute safest assumption at all times is that nothing is safe if it goes through your phone. 

Of course many of you won’t care about that and say I’m not doing anything dodgy no one would be interested.

But you really don’t have to be, you just have to be of interest to someone who can afford this software, and they then have access to everything that is processed by your phone while that software is active. 

location, photos, Bluetooth connections, all messages and emails ... everything. 

No warrant or legal process being necessary since they never intend to use the information obtained  in court. 

I have zero doubt similar such applications are also used for corporate espionage and technology/IP theft by certain other nations. 

 

 

ime Americans don’t really use WhatsApp, just SMS. I have always assumed that this is because in the US you don’t, generally, pay more for SMS/texts to different mobile networks (unlimited SMS/texts to any network is common) and that access to decent mobile broadband outside of cities has historically been a bit patchy. No idea if that’s true though.

also, interesting given how long it took americans to get into SMS in the first place... I can remember when my american friends thought they were some weird Brit / European thing.

Is this going to be as big a story as Snowden?  Papers obviously desperate for it to be.

If Pegasus can do this you can bet your bottoms that the Russians and Chinese can too. Isn’t WhatsApp generally acknowledged to be a bit shite for security? 

This story has been floating around for ages but very few people have been paying attention. 

 Whatsapp is actually suing the Israeli company at the moment over specific breaches of its platform by this software.

But the whatsapp part is just the tip of a spectacularly large iceberg ... 

https://www.google.ae/amp/s/amp.theguardian.com/technology/2020/jul/17/us-judge-whatsapp-lawsuit-against-israeli-spyware-firm-nso-can-proceed

I have zero doubt this software is involved in all kinds of criminal and nefarious actions. 

 

I also have no doubt that this software also permits Israeli to obtain valuable intelligence on all the people they have sold this software to.  

From what I have read every bit of information obtained by this software runs through the Israeli based servers... which means they in turn can track exactly who is being spied on by their customers. 
 

Why else would they supply this to places like KSA and the UAE... 😏
 

 

While I agree nothing is truly secure, I also think that :

1. The collective "they" don't have the resources to cope with all high end deep red threats out there in the world.

2. I'm not bothered by the NSA looking through my keystroke history. "They" certainly don't have the resources to do anything except (at best) nod at the very very worst thing that the very very worst of us have done on their worst day (just sayin)

3. The threat for me is when, in the near future, the current unused capacity to say "ok let's look at every key stroke Asturias ever made" passes into private hands.

4. When the 0.0001% of the 1% have that searchable access, democracy as we know it is fecked.

5. I know many of you will be convinced this already exists (and obvio it already does exist in the KSA & UAE of this world) but I personally don't think it's in the UK ...yet

Whilst I agree in principle with you Asti... the average man on the street in the UK has nothing to worry about ... yet.  

But I don’t think having the resources is the problem you think it is.  AI is rapidly advancing in that field.  

I also strongly suspect that we are already a surprisingly long way down the road towards number 4.

It's concerning what NSO can do, but I feel like there's some misunderstanding of what's actually happening here. 

The Whatsapp messaging platform is not being hacked. Individual handsets are being compromised, and then that access is being used to view messages after they've arrived and been decrypted.

It's definitely a serious worry for figures like world leaders who could realistically be the target of these techniques, but it isn't any kind of slippery slope towards massive dragnet surveillance of everyone. These are not techniques that scale. 

It's more like the tech equivalent of assigning agents to physically follow a suspect around. High-effort, targeted and resource intensive, not least because what is and isn't possible is constantly shifting with every OS software update. 

Broadly agree with Scylla (in that you should assume nothing on phone is private), but I don’t see why the hate for WhatsApp in particular. If your phone is compromised by Pegasus malware then everything on it is fair game - it doesn’t matter how secure individual pieces of software and apps are if the phone is compromised on the operating system level. 
 

(this story is based off the Guardian and others reporting over the weekend on all the people and governments using this spyware on journalists and politicians etc instead of criminals - scary stuff)

There is no specific whatsapp hate here. Or at least not from me. 
 

This thread is a continuation of one that happened some time back where people were commenting about various UK government using whatsapp to converse about government business. 
 

Some members of the Orange expressed the opinion that they didn’t see any problem with that as whatsapp was secure and encrypted. 
 

I, and others, disagreed with that assessment. 
 

Pegasus software does indeed attack individual handsets and does so through various security flaws. Most of those flaws are not occurring in the Apple or Android operating platforms but in various applications which are downloaded to the phone by the user. 
 

Of these applications whatsapp was one of the most heavily compromised that we know of by Pegasus. 
 

But as a side note everyone should seriously query whether downloading the latest photo selfie filter app produced by some dodgy company in Russia that asks permission to access all kinds of data in your phone is a good idea. Hint. It’s really not. 

The original thread and point being that all government dealings should be concluded on government systems and platforms which are isolated and firewalled from personal devices and communications and equipped and properly monitored by IT professionals for intrusion. 
 

Government communications protocols don’t just exist to create a government archival record but to protect the national interest. 
 

Using whatsapp to discuss these things is a complete breach of the most basic principles of information security. 

Perhaps MI5 are all clustered round a computer laughing at my sechsy texts as I type this…

*MI5 agent shuffles awkwardly in chair as phone goes off just after particularly gross sechsy text sent.*

Broadly agree with Scylla (in that you should assume nothing on phone is private), but I don’t see why the hate for WhatsApp in particular. If your phone is compromised by Pegasus malware then everything on it is fair game - it doesn’t matter how secure individual pieces of software and apps are if the phone is compromised on the operating system level. 

I thought one of the concerns is that WhatsApp was one of the main conduits for this shite getting on your phone in the first place?

Could be miles off there though.  Happy to be corrected. 

Kind of Asimov. 
 

As above Pegasus uses security flaws in various applications to gain access. 
 

We know that Pegasus targeted specific  whatsapp security flaws to gain access to phones .. but we only know that because whatsapp is suing NSO for doing it. 
 

It is entirely possible however that there are many, many, many other applications that have similar security flaws which Pegasus may also have compromised. And we wouldn’t have a clue about it because no one wants to make public that their application is a security flaw. 

Thanks Scylla.  That's interesting.  Doesn't seem as if this story is really catching fire yet.  Guardian and rest of the partner papers say they are going to start releasing names of those targeted. Be interesting to see if that kicks things up a notch.  

And my comments above about not downloading random viral apps is because there are concerns that these kinds of viral apps may actually be the equivalent of Trojan horses. 

You voluntarily download a compromised application to your phone, randomly click agree because who reads the terms and conditions for an app and hey presto they have everything. 
 

you’d be amazed at what you find in those terms and conditions if you really read them. 

why would a photo filter site need access to my whole camera roll, or my location services, or all my contacts? 
 

 

assuming that the guardian is correct then one of the very worrying aspects is that Pegasus can access via a “no click attack” e.g. it’s suggested that a Whatsapp call to your phone that you don’t even answer can be enough for the software to take over your phone! no need to download dodgy russian app. 
wasn’t it alleged that a member of Saudi royalty used this software to access Jeff Bezos’ phone and extract pictures of him with his - then - mistress? 

smartphones need a physical lens cap - like most laptops have now - but of course the microphone is still available. 
blackmailers heaven! extracting relatively modest sums from hundreds of thousands of smartphone users could be the next cyber crime cottage industry. 
question: when the software is sold to e.g. the Rwandan govt. how do the manufacturers prevent sub selling of use? Or is that a tech naive question?

One thing to remember is any report of what this software can do is always just what it could do at one particular point in time. It's a constant cat and mouse game of Apple/Google shutting their exploits down, then NSO coming up with new ones. 

Like, iOS 14.5 shut down the possibility of no-click attacks almost completely.

This info is from 2016, all of the things described in it are probably no longer possible. 

But NSO will have developed newer methods since - that may be more advanced in some ways or more limited in others. 

The remote blackmail thing doesn't work very well as a blackmailer needs to be able to contact you to arrange payment of the money and if you simply block their number as soon as they try it they just move on.  Someone who befriended me on Facebook tried something similar years ago but I simply blocked them and any other identity that tried to connect with me and that was the end of that.

happy with assuming that the content of an email sent via the internet is potentially pinned on a public notice board but everything on my phone and the phone itself filming and listening to me is disturbing. 

The no click attack was a specific feature of the whatsapp security flaws.  Or at least that is what I had understood. 
 

There is no reason to think they haven’t achieved that with other apps and security flaws. 
 

Bezos claimed that his phone was hacked by a message sent by Mohammed Bone Saw himself to Bezos’s personal mobile phone.. and all contents then leaked to the National Enquirer. 

The National Enquirer then apparently threatened to publish the materials including his dick pics if he wouldn’t shut down the editorials being run by the Washington Post (which he owns) about Jamal K’s assassination.

this version has however been disputed with the National Enquirer which claims it obtained the material from Bezos’s mistress’s brother who apparently decided to hack Bezos’s phone .. 

 

it is interesting though that these particular leaks confirm that Pegasus software was used to target people close to Jamal including his wife and fiancée. 
 

 

glad to see no click attacks shutdown (allegedly) but one clicks on a lot of stuff and those bastards are cunning. 
 

sails once a few people have had videos of themselves masturbating (while watching porn on their phone) emailed/SMSd to every person in their contacts the message will get out that it might be preferable to pay £300 to that bloke who contacted you on Facebook rather than blocking him - even without a guarantee that the material will be destroyed. 

Agree with Scylla latest posts. 
 

incidentally for whoever posted about MI5 above - it is well established as far back as the Snowden revelations that NSA analysts did exactly that - nekkid pics etc from surveillance targets were widely circulated around offices. And Snowden was before the full app/mobile stuff took off 

Trouble is they were going to disseminate it to my Facebook friends but they couldn't do that without access to my profile so blocking left them nowhere to send anything and no way to contact me.  Also all my friends know I'm a pervert so I'd be able to style it out.

Same way Microsoft does presumably.  License keys and access to software updates would be key with a product like this. 
 

as above it’s basically a cat and mouse game with Pegasus exploiting various security flaws and Apple/android and developers shutting them down. 
 

I did however read somewhere (not sure where exactly)  that it works as a platform as a service where the Pegasus software never actually leaves Israel and is completely hosted there and all data it extracts returns to its data centres. And is then available to the client. 
 

I’d assume some fairly serious security protocols would apply to platform access making sub licensing difficult. 
 

This of course wouldn’t at all prevent some corrupt official in Mexico with access from using those credentials to do whatever he wanted though.. 

I mean some of their customers are not at the bleeding edge of ethical behaviour….

bet it’s all controlled from base and that part of the deal is data sharing with the software creators in some shape or form. 

Pancakes does the iOS update detect and remove any software that may have been activated by a no click approach before it was updated though?  Or does it just prevent new attacks? 
 

The really worrisome thing about this software is that once it’s on there the only real way to get rid of it is to buy a new phone and do a manual data transfer. I.e. don’t use the Bluetooth option or the Apple sync to set up your new phone. 
 

Or so I have been told...

And what about those people who are important enough for others to care. 
 

are you ok with such software being used to target those people? 
 

People like human rights activists, anti corruption campaigners, politicians, judges, legislators  and journalists? 
 

This software gives the  ability to monitor, control, influence, imprison and even lure to their deaths those people trying to make society a better place for you to be a nobody in. It impacts us all indirectly. 

That's a separate issue and we know from historic files that there has always been a degree of monitoring going on.  I'm most concerned about national security and government ministers should have phones using the latest that top criminals are already using.

One thing in the story I'd love to know more about is them saying it's technologically impossible for them to use their software on US phone numbers. 

I'd love to know if that's actually true, or if it's rubbish and they just block use on US numbers to keep political heat away. 

 

and if enough terabytes of data are downloaded before the security flaw is fixed then what will be important on an individual level is how many ££ you care enough to pay to stop unimportant but excruciatingly embarrassing stuff being sent to your entire contacts bank.  
“I operate on the principle I shall never be important enough for anyone to care about the details of my life.”

obv much less important than Khashoggi stuff but of more immediate concern to me - and everyone really. 

Depends on your personality.  There's nothing on my phone that I would be unable to get past if it was exposed.  As above most of my friends already know about it and everybody w**ks so who cares if they've done it on a webcam (in fact I'd be amazed if there's anyone under 30 who hasn't) combined with the fact I stopped being embarrassed by the dumb stuff I've done about 15 years ago.

not done it on a webcam but been unwittingly filmed by your own phone you wally!

everyone (nearly) w**ks but very few film a particularly vigorous session and send it to all their contacts - but you do have some form for some niche sexual kinks admittedly….

Given that my phone spends most of its life in my pocket or face down on my desk or bedside table it will be a spectacularly boring video.  The only juicy stuff they'd find is the stuff I've filmed or photographed myself.

This is the other side of phone hacking coin. 
 

https://www.news.com.au/technology/australia-us-and-allies-blame-china-for-huge-microsoft-exchange-hack-condemn-countrys-malicious-cyber-activities/news-story/6a6df9a7de7c9a45630cc9d9229a005f
 

I know someone who works in this area. According to them the level of IP theft by China specifically would blow your mind. And they wouldn’t call China out like this unless they were absolutely certain on it. 
 

China regularly breach the networks and servers of hundreds of thousands of companies around the world. Most don’t even know they’ve been compromised or if they do what has been accessed. 
 

 

If China can successfully hack Microsoft how do you think your work systems stand up.  The answer for the record is not well.

 

Some time ago I was involved in advising on a services contract, to engage forensic IT specialists whose entire business was to respond to these kinds of hacks and identify what information was taken. It was eye opening to say the least. And the vast majority of companies would never afford their fees. 
 

How many of you access work systems through a mobile phone? 
 

You may not be particularly interesting as an individual but you might work somewhere very interesting to someone. 

It's just a form of warfare now. Countries have always gone for jaw-jaw or war-war (to use Churchill's phrase) and this is just a new battlefield. They're all in on it. 

Agreed. 

except  it’s being used as an internal tool of war by countries against the fourth estate and any form of civil dissidents. 

that should terrify us. 

It’s also rather interesting that the US intel person openly confirms that Pegasus does nothing that most competent governments can’t already do themselves .. 

There is also an article in Haaretz which apparently claims the Israeli government actually overrode Pegasus internal concerns about some customers and forced the sale of this product to some countries. 
 

I say apparently because it’s behind a paywall and I can’t read the whole thing 

The true irony here is all the covid tedes of the RoF alt right screaming about my freedumbs and fascist mask wearing are completely silent on this issue... which represents a real and very serious risk to the things they say they care about.