I don't have the time, sorry. Too much on my plate! But I (and I apologize in advance for this) can tell you that one of the reasons why I would not have that much time for this is that I don't think it is fundamentally interesting in the face of a sophisticated adversary. Scanning files and memory or whatever is largely irrelevant in the age of exploits that completely compromise the device, all the way to a privilege level higher than where the actual scanner operates. Signatures fall apart if it is very cheap to evade them (and it is, with trivial modifications to payloads). Typical approaches to catching malware do not apply to zero-day attacks. They may sometimes work but my point in the comment above was to point out that this is just luck rather than a sustainable practice. Someone who knows you are looking for them can hide and lie far harder than you can possibly imagine. And if they've broken the system, they can use those very protections that were supposed to keep them out to prevent you from going after them. Kind of like how a castle is designed to prevent people from storming it, up until they actually sneak in and all those defensive measures stop you from retaking it ;)

Yep. The plane image itself (in the article) is a common meme though

I don't know much about the legal stuff you linked but I am generally supportive of most of the things Google is doing to harden Android against CSVs. If you have specific mitigations or policies you were thinking of I can tell you what I think of those (not all of them are necessarily positive) but on the whole the OS has been getting more difficult to hack and I view this as a good thing.

What does CSV mean?

I don't actually think this is true; I just think that waiting for nation-states to show up in your logs is the wrong way to go about it.

I use an iPhone, but that's really more because of personal preference than any particular security posture. I'm not a particularly attractive target for commercial spyware: I'm a guy who likes to post things on the internet, rather than someone with genuine value. I don't interact with and am not in the business of handling exploits. There's not really any reason why you'd want to pick through the details of my private life or silence me. It would be pretty dumb to target me with an exploit, especially considering that I would be more likely than most to find it and burn it. If you have that kind of money to waste, I can think of a lot better ways to spend it than getting my chat messages.

From your question I am guessing that this is a disappointing answer, since you probably wanted me to point to a specific phone and an explanation of why I think it is better. But any honest security professional is incapable of giving you a simple answer. I have a beat-up iPhone 13 mini because I like small phones and Apple is unlikely to make a new one soon. I have Lockdown Mode off because it would make my life more annoying than it needs to be. My threat model does not include sophisticated attackers that would be thwarted by security mitigations present in a new device or paranoid software. Should it be in yours? Well, I can try to help you answer that question. But for these attacks the problem is that 99.99% of people will never be targeted by them. But it's not very easy to tell if you're part of the 0.01% (these are made up numbers, btw). There are a lot of things you can do that can make you more or less attractive–for example, if you're a journalist, or a political activist, you might be more concerned. But what if your cousin you're close to is actually a VP at Google? More difficult to say. If you connect all the dots you can build all sorts of models where you should turn this on, regardless of who you are. But the fact is that security is not free and they almost always come with some sort of tradeoff against usability or cost. You could be mowed down on the street by an assassin tomorrow but that is generally a bad reason to never leave your house or walk everywhere in a kevlar vest.

My general advice for people, taking into account practicality and ease of implementation, is to go with a fairly modern phone of their pick that gets regular security updates, so they're not the subject of much lower-cost attacks that reuse patched vulnerabilities. I know a lot of the people who work on security at Apple and they're smart people who really care about making things that are good. Whether the walled garden accounts for that, or even if I think they always make the right choices…well, I have Opinions on that but that's for another day. They certainly make mistakes, but they also do good work. If you look at Android you'll see similar, with it pulling ahead in some areas and being behind in others. I've done a lot of research on Apple's security story and worked on Android's but I can only really rank them on specific facets rather than as a whole. Really I would say, pick up an iPhone or Pixel, be careful about things that are far more likely to hurt you (like, say, phishing), and otherwise just keep a pulse on this area if it interests you. Otherwise I think you have more than enough in your life to worry about.

the suggestion is whatever you do use it should involve a presumption of compromise as the default posture

All these things increase attacker costs. In the current landscape, increasing attacker costs has the effect of shaking out some of the lower-rent players in the market, which may put some targets out of reach of lower-caliber threat actors.

The problem you have over the medium term is that CNE is incredibly cost-effective, so much so that you need something like multiple-order-of-magnitude cost increases to materially change how often it's applied. The alternative to CNE is human intelligence; it competes with literal truck rolls. You can make exploits cost 10x as much and you're not even scraping the costs just in employee benefits for an alternate intelligence program.

What that means is, unless you can foreclose on exploitation altogether, it's unlikely that you're going to disrupt the CNE supply chain for high-caliber state-level threat actors. Today, SOTA CNE stacks are probably available to the top IC/security agencies† of all of the top 100 GNP countries. It probably makes sense to think about countermeasures in terms of changing that to, like, the top 75 or 50 or something.

I think we tend to overestimate how expensive it is for adversarial vendors to keep up with countermeasures. It's difficult at first, but everything is difficult at first; I vividly remember 20-30 extraordinarily smart people struggling back in 1995 to get a proof-of-concept x86 stack overflow working, and when I first saw a sneak preview of ROP exploitation I didn't really even believe it was plausible. As a general rule of thumb I think that by the time you've heard about an exploitation technique, it's broadly integrated into the toolchains of most CNE vendors.

Further, remember that the exploit development techniques and people you've heard about are just the tip of the iceberg; you're mostly just hearing about work done by people who speak fluent English.

† Reminder that customers for CNE vendors usually include many different agencies, invoiced separately, in the same governments.

These exploits work perfectly well on those platforms. The reason you hear about people targeting them less is that they are easier to target with less sophisticated attacks and also not as valuable to attackers. In the cases they are your Android "root" exploit becomes a Linux LPE super fast.

Are you seriously saying there aren’t exploits on non mobile platforms?

The platforms that have famously had many significant exploits over the years, and are the cause of many major data exfiltration operations?

Are you pretending that viruses and worms don’t exist? Why does forwarding through we have things like windows defender or anti viruses then?

Dumb question, what is SOTA implant?

You make this comment everywhere Pegasus comes up. Half a dozen times on one submission.[1] Can you name some of the other firms we've never heard of?

[1]https://news.ycombinator.com/item?id=42476828

Perhaps it's time to establish an actual Professional Engineer board for "software engineers". This could start with the most safety critical systems, embedded life support code, etc. You then get the other engineering codes/standards to require board-certified programmers for these "critical" systems, and that drives the wedge of larger companies being "forced" to hire engineers who are bound to an ethical discipline. They then would have grounds to stand on for pushing back on shady systems.

“M1 Computers have built-in terrible spyware that cannot be removed (Apple made sure of this).”

Can you say more about this?

Yeah we're not going to stop the state level intelligence services from using these. I'm more concerned about locking out and crimilising the non-state actors and holding the companies libel for their actions.

I think there could be some movement here, but there is certainly a level of protection that national governments are doing for these companies because they want their services.

For me (English audio) the first ~13 minutes clips pretty hard.

You can run WebKit on Linux if you want

One shouldn't use a locked down device to auto share pictures and approve children app install requests. If there is no need for a separate device for sensitive data then one possibly is not a person of interest and doesn't need a lockdown mode. It is not possible to have comfort and security at the same time.

And a sensitive device should not be easily discoverable to gatekeep who can actually send anything to it. This is also renders it unusable for day to day family tasks.

Do you happen to have a full list of what media formats are still working in Messages when in lockdown mode? Does HEIC/HEIF work? (Pardon the question but I just don't have a second iOS device available for testing this myself.)

Nobody has released an alternative browser engine yet, because of the way the app store works (you'd need specific apps you can only install in the EU next to the worldwide version for instance). I'm sure it'll happen eventually, but it doesn't seem to be a priority for browser makers just yet.

I don't actually think there is official API to check if the device is in Lockdown Mode. But to be clear this is an academic curiosity for now as nobody is actually shipping an alternative browser engine in the EU that is being targeted by a sophisticated attack.

Why are more people not saying this? At the end of the day malware is only useful if it can send information out. So its by nature, totally detectable.

My concern isn't so much the high cost super-secret 0-days, as the "about to be useless" 0-days (1-days?) that have just been patched, but the patches are still rolling out to people.

Also, for most people, it's not the cat photos on their phone that are of value. It's the banking credentials, business login 2FA keys, crypto 2FA, email (which allows, for almost all accounts, a password reset), etc.

Apple continues to send out exploit notifications and Lockdown Mode continues to grow to include more attack surface. It seems to be actively maintained, as opposed to a lot of other things that Apple has tried.

Apple has maintained lockdown mode and sent out regular notifications. It's just not announced publicly.

They won't, and they're not expected nor advised to.

I don't think this accurately describes the state of iPhone forensics today.

There is a different opinion here:

https://discussions.apple.com/thread/8282686

Not sure what to make of it.

Is it possible to reach the server side of the Time Machine from the Mac itself? Has such a breach been demonstrated?