• @dhork
    link
    English
    17 months ago

    Nothing in your links above indicate that the spyware operates while the phones are powered off (although I relied on a crappy translation of the French). Could spyware mock the shutdown process so that it looks like the phone is powered off while the phone is actually running? Sure it can, but the victim will be tipped off when the phone’s battery is being drained even while it is “shut off”. (And someone who is paranoid enough to shut down their phone would pay attention to that.) . It seems like it’s not worth the effort.

    • merde alors
      link
      fedilink
      English
      1
      edit-2
      7 months ago

      read, listen to people that were spied on using the pegasus software. Easy to find

      i don’t know if you’ve met any real activists, militants in your life but they’re rarely geeks. And checking the battery of their phone or reading about battery life isn’t one of their priorities

      • @dhork
        link
        English
        17 months ago

        Yes, info on Pegasus is easy to find. And never says Pegasus is active when the phone is powered off. It’s undetectable and insidious in what it can grab, but at no point is there any reference at all to being active while the phone is powered off.

        https://en.m.wikipedia.org/wiki/Pegasus_(spyware)

        If you have a reference that states otherwise (that isn’t written by an AI), please supply it. I’ll be happy to give up on this if someone can prove their point.

        And that is because it is way too easy to detect when the phone is off, not only because of the battery drain, but because the radios would be transmitting when they shouldnt . Plus, persisting across a reboot requires some trace of the Trojan to be on physical storage, which is more likely to be found on a scan.

        I am assuming that when a state-level actor is hacking a phone, they are targeting a person directly, and know how to get the Trojan on undetected. Their main goal will be to continue to siphon data off it while it is in use. It’s not worth the risk of detection to track it while it is off (and not being used, after all.) Don’t you think they would prefer to use the same method they used the first time to infect the burner phone that’s actually being used?