What is the significance of these? Could use some quotes.
Finspy - a phising attack. User tricked into installing malicious flash upgrade (probably on the windows platform). Not related to mobiles.
Finspy - Quote New FinSpy iOS and Android implants revealed ITW | Securelist
FinSpy for iOS is able to monitor almost all device activities, including record VoIP calls via external apps such as Skype or WhatsApp.
Well, that is interesting but that is a feature of computer malware too. Once root compromised, all computer functions can be used against the user. Nothing specifically related to iOS / Android here.
However, functionality is achieved by leveraging Cydia Substrate’s hooking functionality, so this implant can only be installed on jailbroken devices
Well, jailbreak is very much discouraged by Apple. However, adding the risks of rooting / jail breaking / some custom ROMs to Account and Mobile Devices Security would be good.
IMSI-catcher: If someone is already targeted then it’s game over anyhow in context of Whonix. However, briefly explaining IMSI-catcher would be good too as I guess many people are unaware of it.
Though FinFisher - Wikipedia sounds pretty devastating wrt iphones:
The security flaw in iTunes that FinFisher is reported to have exploited was first described in 2008 by security software commentator Brian Krebs. Apple did not patch the security flaw for more than three years, until November 2011. Apple officials have not offered an explanation as to why the flaw took so long to patch. Promotional videos used by the firm at trade shows which illustrate how to infect a computer with the surveillance suite were released by WikiLeaks in December, 2011.
How many users are aware of that and doing that? The point of documenting this would be pointing that out.
Not sure what you mean by insecurity of cellular protocols. That 3G, 4G, 5G encryption isn’t as safe as let’s say
.onion, or gpg? That MITM eavesdropping is possible? Well, that may be true but the critical point is here is device exploitation and the device turning into a snitch, uploading all voice, contents, video elsewhere.
Marketed as an “NSO uniqueness, which significantly differentiates the Pegasus solution from any other solution available in the market”, the Over-the-Air (OTA) installation vector works by sending a stealth push notification to the target’s phone and requires no interaction from the target in the form of either clicking links or opening messages, rendering the spyware installation “totally silent and invisible”. This kind of attack is known as a ‘zero-click’ exploit. However, the applicability of the OTA vector appears to be limited, with a footnote noting that “some devices do not support it; some service providers block push messages”, as well as noting that the attack will not work if “target phone number unknown.”
many more examples of another NSO zero-click installation vector being utilized nonetheless appeared in 2019 when WhatsApp announced that NSO Group had leveraged a zero-click RCE (Remote Code Execution) exploit in their app which allowed NSO Group to successfully infect targets simply by placing a call via WhatsApp to the target; “the person did not even have to answer the call” to be infected. According to the WhatsApp complaint, NSO Group attempted to infect more than 1,400 phone numbers via this attack vector, with “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials” being more than 100 of those targeted by NSO Group via the WhatsApp exploit.
As zero-click vulnerabilities by definition do not require any user interaction, they are the hardest to defend against.
This sounds pretty big. I.e. some phones, some people targeted got hacked without falling for phishing. All that was needed in many cases was knowing a phone number of a target. “Never mind eaves dropping a phone call over insecure cellular network.” It’s about owning the whole device.
airplane mode would have defended that but that’s kinda saying “unplug your computer from the internet”. Then it’s no longer a very useful device.
No simcard + WiFi wouldn’t have defended the mentioned whatsapp example above either.