I'm surprised this isn't a major diplomatic incident between the UK and Israel too, since the Israeli intelligence company was supposedly "closely monitoring how their customers were using the software" or akin to that.<p>Like, yeah, blame the UAE <i>mostly</i> for this but let's also have a discussion about why this was sold to anyone who would pay with no oversight at all. Western countries need to do better.
This is a bit of a tangent but I think reports like these strengthen the argument against electronic voting. There's basically no way of building a secure electronic voting system that can beat the security and auditability properties of old school pen and paper voting.
And what were GCHQ, MI6 and NCSC doing to protect our prime-minister
at this time?<p>We have a problem in democratic nations. I've written about it here
[1]. Bruce Schneier has also addressed it in his own way.<p>Our lack of any framework for civic cybersecurity is a disgrace.
People in future ages will look back on our time as a wild-west.<p>A solution can only come from a ground-up awareness through education.<p>[1] <a href="http://www.icicte.org/assets/icicte2019_5.4_farnell.pdf" rel="nofollow">http://www.icicte.org/assets/icicte2019_5.4_farnell.pdf</a>
There is a point being totally missed in this thread and that is the UK government basically ignore all security common sense and do absolutely incomprehensible things like discuss national security over WhatsApp and Zoom, as a British citizen, in my eyes this absolutely amounts to treason as they're knowingly potentially giving away state secrets, anyone else would be instantly jailed.<p>UK government and any departments discussing sensitive matters (or everyone, really) should not be using a) off the shelf phones, and b) should not be using public communications networks full stop, nevermind foreign communication platforms.
I'm curious about the threat modelling of those high level officials. With all these hacking going on, if feels like it's not been a consideration.<p>Pegasus claims iOS and Android hacking capabilities, one would expect more specialised communications being used at that level. Car companies provide specialised vehicles for governmental use, I would have expected to see specialised iOS or Android devices at least. Nothing completely out of this world but with special software configurations and features to detect and prevent attacks.
I don’t feel sorry for them. They are hard at work building a surveillance state and (attempting to) ban end-to-end encryption.<p>I actually see this as a good thing. Getting a taste of their own medicine.
Im a brit, Im not tech expert but I work adjacent to tech. I feel some what smug over this:<p>* If you have nothing to hide, you have nothing to fear is official policy<p>* We aggressively use "tools" like this both domestically and abroad, both for military/intel and for law enforcement with basically no oversight<p>* Our government are basically technic-illiterate. And proud of that in many cases.<p>So this is a train wreck of their own making.<p>The only thing making me sad is that it will have zero effect.
Obviously this news is a bit embarrassing for both the UAE and the UK, but if the UK's response isn't to press the UAE for a reciprocal no-hacking treaty, then presumably the UK is trying to keep its options open. Unless I'm mistaken, the UK isn't surprised that it doesn't have any treaties with the UAE prohibiting this sort of thing... live by the hack, die by the hack.
For anyone interested in the topic of Pegasus and NSO, there is a great New Yorker piece about them from yesterday.<p><a href="https://www.newyorker.com/magazine/2022/04/25/how-democracies-spy-on-their-citizens" rel="nofollow">https://www.newyorker.com/magazine/2022/04/25/how-democracie...</a>
As appalling as this intrusion is, I can't help but feel there is some measure of propriety that it should be done to a nation taking advantage of its impressive technological legacy to eavesdrop on most transatlantic communications, and scheming and hacking to subvert the communication infrastructure of friendly countries.
Not that "what goes around comes around" is going to fix anything in this regard...
UAE hacks UK give officials using Israeli cyberterrorism software and there are no consequences?<p>I'm sure Abraham would be proud to have had his name attached to essentially a weapons contract masquerading as a peace deal between two evil governments.
The question is then what phone exists that is immune from this? A flip phone? A Nokia 1011? I might be completely misinformed but seems like SIM card and the underlying OS is vector. What happens if I use a cell phone from late 90s and early 2000s? What is there to hack with those flip phones? JavaME over the wire? What if the cell phone dates even further?<p>Legitimately curious what options is there. Could If you are someone of interest then it seems like having a smartphone is an automatic liability. What then solution is possible since sending and reading a simple text message is enough to escalate privilege?
Was it the phone provided and secured by the government or the off the books phone they have WhatsApp groups on?<p>If it’s the first then security services have a problem. If it’s the second then those individuals have a problem.