For those who think that NSO is the problem - you're missing out the bigger picture:
1. There are many vendors like NSO, not just in Israel. Also in EU, APAC, N. America, and others.
2. Even if NSO shuts down tomorrow: we still have a problem: mobile attacks are scalable.
1. There are many vendors like NSO, not just in Israel. Also in EU, APAC, N. America, and others.
2. Even if NSO shuts down tomorrow: we still have a problem: mobile attacks are scalable.
2. (cont) Once you have created a generic attack-chain, you can infect 1B+ devices. This is too powerful to keep a single barrier for attackers which already block telemetry sharing with the vendors.
3. NSO is *EASY* to find *if* a deeper access is provided to the phones.
Which leads to the bigger problem:
Why we can opt-in to be tracked by ads but can't opt-in to choose our own security apps to run with full privileges on our own phones?
Which leads to the bigger problem:
Why we can opt-in to be tracked by ads but can't opt-in to choose our own security apps to run with full privileges on our own phones?
If 3 would have been solved - NSO and other companies like NSO, regardless of where they operate, would have needed to work really hard to remain invisible.
Right now, it's just too easy for them - Disable telemetry to Apple/Google and that's it.
Right now, it's just too easy for them - Disable telemetry to Apple/Google and that's it.
Simple solution: allow users to choose what software they run and in what permissions. The local-admin concept worked perfectly in MacOS, Windows, and Linux. It should work perfectly in mobile too.
We can start with managed devices if it's easier.
It's time to #FreeTheSandbox
We can start with managed devices if it's easier.
It's time to #FreeTheSandbox
• • •
Missing some Tweet in this thread? You can try to
force a refresh
