• merde alors
    link
    fedilink
    English
    1
    edit-2
    7 months ago

    let’s put aside everything @[email protected] wrote you; if the French state was trying to legalize exactly this, it must be possible: la validation pure et simple de l’activation à distance des fonctions de géolocalisation de téléphone et autres objets connectés (voiture, balises airtag, montre etc) qui repose exactement sur le même procédé technique que le dispositif censuré : la compromission d’un périphérique, en y accédant directement ou par l’intermédiaire d’un logiciel espion pour en prendre le contrôle à distance.

    source

    wasn’t the scandal about the Pegasus spyware all about this imperceptibility?

    • @dhork
      link
      English
      17 months ago

      Nothing in your links above indicate that the spyware operates while the phones are powered off (although I relied on a crappy translation of the French). Could spyware mock the shutdown process so that it looks like the phone is powered off while the phone is actually running? Sure it can, but the victim will be tipped off when the phone’s battery is being drained even while it is “shut off”. (And someone who is paranoid enough to shut down their phone would pay attention to that.) . It seems like it’s not worth the effort.

      • merde alors
        link
        fedilink
        English
        1
        edit-2
        7 months ago

        read, listen to people that were spied on using the pegasus software. Easy to find

        i don’t know if you’ve met any real activists, militants in your life but they’re rarely geeks. And checking the battery of their phone or reading about battery life isn’t one of their priorities

        • @dhork
          link
          English
          17 months ago

          Yes, info on Pegasus is easy to find. And never says Pegasus is active when the phone is powered off. It’s undetectable and insidious in what it can grab, but at no point is there any reference at all to being active while the phone is powered off.

          https://en.m.wikipedia.org/wiki/Pegasus_(spyware)

          If you have a reference that states otherwise (that isn’t written by an AI), please supply it. I’ll be happy to give up on this if someone can prove their point.

          And that is because it is way too easy to detect when the phone is off, not only because of the battery drain, but because the radios would be transmitting when they shouldnt . Plus, persisting across a reboot requires some trace of the Trojan to be on physical storage, which is more likely to be found on a scan.

          I am assuming that when a state-level actor is hacking a phone, they are targeting a person directly, and know how to get the Trojan on undetected. Their main goal will be to continue to siphon data off it while it is in use. It’s not worth the risk of detection to track it while it is off (and not being used, after all.) Don’t you think they would prefer to use the same method they used the first time to infect the burner phone that’s actually being used?