"<i>Bredoux added: “It takes a bit of time to realise it, but it’s extremely unpleasant to think that one is being spied on, that photos of your husband and children, your friends – who are all collateral victims – are being looked at; that there is no space in which you can escape. It’s very disturbing.”</i>"<p>Welcome to the future! It's pretty much the same as the past, only more effective.
I have seen some manuals were released and some tools reverse engineered. What is currently the best link for a deep technical overview of how these tools work/worked?
Slight OT: the malware indicators of compromise that Amnesty International released have no license, thereby prohibiting use in other projects as far as I understand.<p><a href="https://github.com/AmnestyTech/investigations/issues/11" rel="nofollow">https://github.com/AmnestyTech/investigations/issues/11</a><p>If anyone can help on that front it'd be much appreciated.
How would I factory reset and then cold boot my phone?<p>I'm very noob wrt firmware and rootkits and even CPU microcode. My understanding is some kind of factory reset is no longer feasible. And certainly no longer verifiable.<p>--<p>Ages ago, I proposed that electronic voting machines (tabulators) boot from CD-ROM. Device's ROM would only have bare minimum boot loader. Imagine some super minimal embedded controller, zero unnecessary features. Mount a CD, run the optical scanner, a few buttons, 2 line LCD panel, dot matrix printer.<p>Assume 2000s best practices election administration. Scantron style ballots, precinct-based poll sites, tabulation occurs the moment polls close, tabulated results posted publicly.<p>These CD-ROMs would then by secured, as much as possible, thru physical chain of custody. Just like all other election artifacts. They'd also contain snapshot of entire source and toolchain and election data, so any one could inspect them, reproduce the builds, verify the dataset, etc.<p>My jurisdiction had 100s of poll sites. Instead of programming each ballot scanner, they'd burn CD-ROMs.<p>Any way.<p>I mention this because I think such simplistic view of secured computing is no longer feasible. And to consider all the things we'd have to give up to return such a world.<p>Could I put a phone's entire dev stack onto some WORM media and then reimage the device? What would that even look like?
Is there no regulatory or compliance requirements for surveillance software?<p>Instead of blaming the victims of pegasus, we should focus our attention on the lack of actions from key policymakers and regulatory bodies. It is not possible for every individual to be a technical expert when it comes to malware removal, but we can reduce the likelihood of misusing surveillance software by creating an ethical framework around it, backed by nations that value freedom and democracy.
but remember, NSO is just doing the dirty work that needs to be done /s<p>They're knowingly selling to untrustworthy organizations knowing they'll be used for criminal purposes. They're criminals, and should be treated as such.
I wonder what would have happened to windows phone/lumias if things had turned out differently.<p>I also wonder if there was something like that when windows mobile was on the market.
Could a pegasus infection be detected with something like Litte Snitch or Lulu for iphones, in my mind, it'd be suspicious if some application was sending gigabytes of data over the wire
RFI and France24 did some reporting a few days ago how everyone from activists to journalists were targeted, see: <a href="https://www.france24.com/en/technology/20210718-private-israeli-malware-used-to-spy-on-journalists-activists-and-politicians" rel="nofollow">https://www.france24.com/en/technology/20210718-private-isra...</a>