Any country harboring this scum deserves at best a few months to clean up their backyard and laws before facing sanctions.
Depending on which European countries those are, I suspect a few of them won't even need prodding.
For the people working there it may be wise to quit now, because after today they can hardly deny having knowledge that their employer is selling software to repressive regimes, which use it to spy on journalists among others.
This is utterly incompatible with democracy, morally bankrupt, and prison sentences are appropriate.
It seems like most of these targeted attacks reported on HN are iOS - what’s the reason for this?
The complexity and level of some of these attacks makes it unlikely that the companies couldn’t get into android devices too, so is it just the prevalence of iOS amongst the targets?
Or is it because Google is more friendly to government information requests that means attacks like this aren’t required?
Or is it because android is genuinely that much more secure? Or something else? Would be genuinely interested to know!
I see lots of different explanations here but people seem to have missed the most important one:
ECONOMY!
Let me explain, because you are probably not thinking about the same thing as I am right now:
Android exists on different CPU architectures (ARM, x86, MIPS, ...) and from hundreds of different vendors. Even a single company's devices can differ slightly in what SoC (Qualcomm, Samsung, MediaTek, Intel, ...) they use and what security functions have been added to the OS core. For example, Samsung has additional hardware and software security functions in high-end phones. Google has some security features that started as software in early Pixel models but are more and more done in hardware, or at least in dedicated security cores, in newer models.
Add to that different android and patch versions and a general tendency among users to ignore updates even when available and you end up with thousands of tiny differences that can make an exploit fail on the target machine.
This type of exploit must be reliable; you can't just spray millions of devices and be happy with a 10% success rate. You have one target and maybe only one chance to get it, as a failed attack may be noticed by the owner, and the attackers really don't want that.
So the company has the choice of maintaining one set of exploits for latest iOS or hundreds for different android phones. It is simply not economically viable.
If you'd read through to section 3.1 you'll see that they detail the iOS and Android bootstrap mechanisms. The title doesn't specifically identify which OS was infiltrated though in this case it was iOS.
I'm guessing the reason why iOS exploits receive more face-time is:
1. Apple has advertised their phones as being at the forefront of security, which holds some merit.
2. iPhones have become commonplace among government employees (possibly as a result of point 1). Political exploits are inevitably more in the public eye if it's the tool of most politicians.
It's the same concept as the early days of Microsoft being the powerhouse of consumer operating systems: everyone was using it, making it the most lucrative to exploit.
Not sure if I’m alone in this but at this point I’m just assuming there are new Android exploits on a rolling basis so if I did read about one I probably wouldn’t consider it news-worthy.
Far from the most qualified to answer this but it's probably a mixture of market demand, the targets, mindshare and QA.
Higher value targets tend to use iOS more often so their adversaries have more interest in attacking it, and the targets are people who are more likely to come forward if they suspect being attacked.
And given we've heard more of iOS attacks, people likely to be targeted are more on the lookout for them, as a bit of a self-fulfilling prophecy.
Android is considered a bit of a harder target for these types of exploits (playstore malware doesn't count here), though at this level it's not the most meaningful distinction. Fragmentation does make it harder to use these sorts of things in the android world, as it's a bit harder to do QA against all the possible target devices and probably requires knowing exact model numbers to confirm support before being able to launch an attack. The exploits do definitely exist however, at least for flagship phones.
Another thing to consider is that maybe people have better payloads on android, as you can't quite get away with running "Payload2" on the device from a temp directory when process viewers are available. I'm somewhat unsure that'd actually be a meaningful reason for lack of discovery though, especially when the discovery is mostly done by journalists forwarding suspicious links to citizenlab.
It's because Android is actually less secure. The theory is that on Android NSO have the ability to delete the traces of their infiltration, whereas on iPhone they were unable to do that, which is how they got caught.
My guess: most potential targets believe that iPhones are most secure and Apple won't hand over their data. So being non-tech-savvy, "latest Apple hardware + latest iOS" is their best defense.
iOS is uniform whereas there are many popular Android distros with different security approaches (some have an antivirus vendor integrated, or hardened kernels).
Also, iOS users tend to be less security savvy, but that's just my impression.
I find it impressive that they have managed to capture the payloads in the wild. These are meant to be very hard to record and having a copy will help Apple tremendously.
I think Apple should give citizenlab some generous funding to expand their operations. The more samples they capture the more secure the world will be.
Counterpoint 2: There are many more Android devices with outdated versions of Android with known security bugs around than similar iOS devices.
Maybe you just don't need the big guns for most Android phones, so you will find them only on the harder targets.