Read on Twitter
Real talk: popular encrypted apps are a major target for zero-click exploits.
An untested video calling stack pushed onto the devices of the most influential ppl in the world w/ built in discovery + Twitter's threadbare security team = disaster waiting to happen.
An untested video calling stack pushed onto the devices of the most influential ppl in the world w/ built in discovery + Twitter's threadbare security team = disaster waiting to happen.
Encrypted calling apps are great targets for a lot of reasons.
They are on many phones + typically have good user discovery features. And many other exploit-friendly surfaces around call handling, handshakes etc.
NSO's #Pegasus etc got onto phones via WhatsApp, iMessage, etc.
They are on many phones + typically have good user discovery features. And many other exploit-friendly surfaces around call handling, handshakes etc.
NSO's #Pegasus etc got onto phones via WhatsApp, iMessage, etc.
In the 2019 #Pegasus breach of WhatsApp, the company was thankfully watching logs. They spotted, investigated, notified victims & sued NSO Group.
Similar story w/Apple.
In both cases a world class threat intelligence & security team was in the house.
But chez Twitter?
Similar story w/Apple.
In both cases a world class threat intelligence & security team was in the house.
But chez Twitter?
Putting it in simple terms: Musk's video calling on the Twitter app may introduce some funky new risks.
Sophisticated threat actors will be watching & probing.
But I'm just not convinced Twitter has anything like the chops to match them.
Sophisticated threat actors will be watching & probing.
But I'm just not convinced Twitter has anything like the chops to match them.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
