John Scott-Railton
May 10 · 4 tweets · 2 min read
Real talk: popular encrypted apps are a major target for zero-click exploits.

An untested video calling stack pushed onto the devices of the most influential ppl in the world w/ built in discovery + Twitter's threadbare security team = disaster waiting to happen.
Encrypted calling apps are great targets for a lot of reasons.

They are on many phones + typically have good user discovery features. And many other exploit-friendly surfaces around call handling, handshakes etc.

NSO's #Pegasus etc got onto phones via WhatsApp, iMessage, etc.
In the 2019 #Pegasus breach of WhatsApp, the company was thankfully watching logs. They spotted, investigated, notified victims & sued NSO Group.

Similar story w/Apple.

In both cases a world class threat intelligence & security team was in the house.

But chez Twitter?
Putting it in simple terms: Musk's video calling on the Twitter app may introduce some funky new risks.

Sophisticated threat actors will be watching & probing.

But I'm just not convinced Twitter has anything like the chops to match them.

More from @jsrailton

May 10
NEW: Assange ally who once processed payments for WikiLeaks now masterminds a global phone surveillance system.

Andreas Fink helps shady actors & governments track phones, intercept texts & compromise accounts.

It gets worse 1/

By @cr0ft0n & @omerbenj
haaretz.com/israel-news/se…
2/ This is Mexican Journalist & editor Fredid Román Román.

He was assassinated last August.

Hours before the murder, his phone was pinged & pinpointed using a loophole in the global telecom system (commonly called #SS7).

So, who was tracking him? And who was helping them?
3/ Andreas Fink gets access to the world's phones through Global titles in far flung places, like Fiji.

One of them was used to pinpoint the slain journalist's phone.

Fink alleges he'd recently lost access to that title..

Without a criminal investigation, we may never know.
May 9
NEW: European Parliament's @EP_PegaInquiry
has issued their final report.

Urges #EuropeanUnion towards stronger regulation. Calls out several abusers.

Good thread on highlights👇
"strategic campaign to destroy media freedom" in 🇭🇺 #Hungary.

"a system for the surveillance of the opposition...designed to keep...the government in power" in 🇵🇱#Poland

The @EP_PegaInquiry PR is not mincing words about #Pegasus #spyware abuses in the 🇪🇺#EU
The @EP_PegaInquiry also raises serious questions about spyware abuses in 🇬🇷#Greece & 🇪🇸#Spain.

It's clear: spyware is a European problem.
Apr 27
NEW: Twitter basically stopped fighting gov demands for censorship & surveillance under Musk.

Shameful.

Nightmare for freedom of expression.

And dangerous to dissidents, opposition parties, human rights defenders etc.

By @russellbrandom
restofworld.org/2023/elon-musk… Image
Ugh. Looks like Governments have figured out that Musk isn't saying no to censorship & surveillance demands.

And sure enough, Twitter is getting masses more requests.

Cannot overstate how bad this is for democracy around the world.
Elon Musk's Twitter pushes everyone to supply more info.

Including human rights groups. Dissidents.

And opposition parties.

What happens today when a gov comes asking for all that data?

Yet another way that Twitter is breaking trust with users.

Bleak.
Apr 23
Musk chaotically "gifting" blue checks looks *exactly* like the arbitrary system he claimed was in place before.

The only difference?

It's no longer a process, it's Musk's personal power.

Which has always been the point.
Nowhere does Musk explain how long the 'gifted' subscriptions will last.

His message to celebs & notables: "Pay attention to me. I gave this #bluecheck to you. And I can wipe it away."
Most of the world sees something familiar in Musk:

Man takes power saying the system is rotten.

Promise to tear it down & rebuild better.

Instead, break things, reward friends, and consolidate power around himself.
Apr 22
NEW: @POTUS' recent executive order has some commercial #spyware companies publicly fretting.

Good.

Pumping the brakes on reckless proliferation is the goal.

By @InesKagubare ft @james_a_lewis
thehill.com/policy/cyberse…
2/ For *a decade* the commercial #spyware industry told the world that it was capable of self control.

The big players even paid an army of ex US officials to beat back regulation.

Instead, they fueled a global hacking crisis & eroded US national security.
3/ Many Ex US officials took #NSOGroup cash.

Mike Flynn, Tom Ridge, Juliette Kayyem, Jeh Johnson, Rod Rosenstein, etc.

And while they were doing that?

At least 50 🇺🇸 officials got targeted.

Countless more among our closest allies.

By @drewharwell
washingtonpost.com/technology/202…
Apr 20
I can practically *feel* the coming uptick in scamming.
This is absolutely fine.
What could go wrong?
