[2/N] If we needed another proof that we have to fix the broken mobile security permission model, here it is.
NSO's software is actually super easy to catch, but due to the lack of permissions it becomes almost impossible at scale, and NSO only has a single vendor to avoid.
[3/N] This was easy to do for NSO: they simply blocked telemetry, communications, and updates to Apple/Google: and viola! They were set. The vendors had no visibility.
[4/N] The vendors wanted to think there were no attacks, it's great for sales, marketing and aligns well with the "privacy" campaigns: and NSO provides them exactly that.
Vendors, let's stop pretending it's not an issue.
[5/N] It's time to collaborate. In an aspiration for full control, you've created a monster that is now a major risk to democracies globally and a matter of national security in every single country. Rethink your model and your controls ambition - we have to change it NOW!
[6/N] Vendors, you must open up the systems for inspections. We cannot have only a single vendor checking the phones of one billion+ devices. The only way we can fight back is *TOGETHER*.
[7/7] Imagine how many attacks we can find and defuse once every single SOC, analyst, and individual that wants to verify the integrity of their own phone will be able to do so.
There's no excuse not to open up, especially on managed devices.
It's time to #FreeTheSandbox
[8/7] Buyers. esp. of large CYOD contracts: make this a requirement. Demand unrestricted access for your security teams. Require full filesystem RO access, and ability to inspect all running threads. These two small things will help you capture attackers like NSO easily.
• • •
Missing some Tweet in this thread? You can try to
force a refresh