Pavel Durov listed in leaked Pegasus project data (theguardian.com)
155 points by elies 3 days ago | 47 comments

Pretty tired of seeing people surprised and concerned when they get a look at how the sausage is made like this. Bill Binney in 2002 and Edward Snowden in 2013 should have disabused us all of any pretense of order and justice in this system.

World governments, Big Tech be like: "We are shocked, shocked! to find back doors and spying in here!"

The two work in tandem to facilitate the needs of each other. This is just the new military industrial complex for an age of hybrid war. Not going away any time soon, no matter how we feel about it.

As pointed out in another post today, "A key product of ubiquitous surveillance is people who are comfortable with it" [1]. All of the revelations with no recourse or reform lead to what we have now: everyone assumes Big Brother is watching, and that's just how Big Brother wants it.

[1] https://news.ycombinator.com/item?id=27904820

Yes. People don't know and most don't care.

For example, the EU parliament has just recently passed legislation to allow "providers of e-mail and messaging services to automatically search all personal messages of each citizen for presumed suspect content and report suspected cases to the police."

Most people I talk to don't know about this. When they hear it, they're in shock. And then go on living their lives. It's really very intangible to most people.

Source: https://www.patrick-breyer.de/en/chatcontrol-european-parlia...

People not caring about surveillance is more sinister than it looks. Because most people don't care, the ones who do (out of necessity or choice) stick out like a sore thumb.

"This citizen here, he shows in the cameras, but doesn't appear to have a cellphone/has two cellphones, let's investigate him!"

True… Cause: nothing to hide, nothing to fear, right?

Durov's post from his Telegram channel (https://t.me/durov):

The phones of 50,000 individuals, including human rights activists and journalists, have been targeted by surveillance tools that were used by numerous governments. These tools can hack any iOS and Android phone, and there is no way to protect your device from it. It doesn't matter which apps you use, because the system is breached on a deeper level.

According to the Snowden revelations from 2013, both Apple and Google are part of the global surveillance program that implies that these companies have to, among other things, implement backdoors into their mobile operating systems. These backdoors, usually disguised as security bugs, allow US agencies to access information on any smartphone in the world.

The problem with such backdoors is that they are never exclusive to just one party. Anybody can exploit them. So if a US security agency can hack an iOS or Android phone, any other organization that uncovers the backdoors can do the same. Unsurprisingly, this is exactly what has been taking place: an Israeli company called NSO Group has been selling access to the spying tools that allowed third parties to hack tens of thousands of phones.

Since at least 2018, I have been aware that one of my phone numbers was included in a list of potential targets of such surveillance tools (although a source from the NSO Group denies it). Personally, I wasn't worried: since 2011, when I was still living in Russia, I’ve got used to assuming that all my phones were compromised. Anyone who gains access to my private data will be utterly disappointed – they will have to go through thousands of concept designs for Telegram features and millions of messages related to our product development process. They won't find any important information there.

However, these surveillance tools are also used against people far more prominent than me. For example, they were employed to spy on 14 heads of state. The existence of backdoors in crucial infrastructure and software creates a huge challenge for humanity. That's why I have been calling upon the governments of the world to start acting against the Apple-Google duopoly in the smartphone market and to force them to open their closed ecosystems and allow for more competition.

So far, even though the current market monopolization increases costs and impedes privacy and freedom of speech of billions, government officials have been very slow to act. I hope the news that they themselves have been targeted by these surveillance tools will prompt politicians to change their minds.

>> Personally, I wasn't worried: since 2011, when I was still living in Russia, I’ve got used to assuming that all my phones were compromised.

I know it's fun to slam on Telegram (and for sure its encryption has flaws, I really don't think anyone denies this), but everyone needs to understand the mindset of Durov and what I'm guessing is the mindset of Russian-born Telegram developers: your phone can be compromised, and easily at that.

I think this is something very important for everyone to remember when the discussion of encryption and messaging comes up.

The level of encryption in transit doesn't matter if your adversary has full access on your phone that can just screenshot and pull local messages of whatever they want.

NSO's ridiculousness hopefully has made it very clear that it doesn't matter which phone/OS you're using; full access to your phone is a salable item for basically anyone with the interest in having it, and this is only the software we know about.

Journalists, activists, or even just someone looking for a fun weekend are at risk with modern phones and messaging; tapping the communication in between doesn't matter if they can just screenshot/copy your phone on the fly.

Be careful about what you use your phone for.

In my previous job I worked for a company that developed enterprise-focused encrypted chat apps. When interviewing potential hires, one of the first general questions we asked was to give a high-level list of possible attack vectors on an installed app and its user data. Very few developers even considered the OS and device themselves as a potential threat, despite these interviews taking place well after the Snowden revelations.

If you want to fight the Apple-Google duopoly, consider the GNU/Linux smartphones Librem 5 and PinePhone.

Sorry, but Linux phones are a joke. The sad reality is that there is nothing on the market today that provides the security most of us here want.

A backdoored phone IS a joke, like android, or iOS.

Security nihilism. NSO Group would be glad.

There's a difference between saying "bah, it's all insecure, let's just give in to the surveillance", and recognising that there is nothing on the market that actually makes strides toward foolproof security. Remember, a smartphone running the Linux kernel doesn't automatically make it secure just because it's open source.

I love my PinePhone but I can't run WhatsApp on it. I suppose I could use an emulator, but it's slow enough already.

This is a typical problem with proprietary apps: they can dictate how you must run them. Not a fault of the PinePhone. By the way, the Librem 5 is significantly faster.

You shouldn't use WhatsApp. It's a product of a spyware company.

Haha, you're right about that. It's the only method of communication with many people and businesses around here. Which puts it roughly on a par with the old-school phone network, except that has an oligopoly of spyware companies.

Just curious if maybe you or anyone else knows. Are alternative OSes such as Lineage, postmarketOS, CopperheadOS, etc. safe from this exploit?

GrapheneOS is an Android distribution focused on security and it's likely to protect you from this. Read this Twitter thread https://twitter.com/GrassFedBitcoin/status/14168360691237847....

>GrapheneOS is heavily focused on security enhancements making exploitation significantly harder:

>Those other operating systems [Calyx and Lineage] don't improve resistance against exploitation and won't provide more resistance against an exploit working against AOSP/stock.

>If they specifically target GrapheneOS and put work into adjusting their exploit chains and finding new bugs as necessary, then they could certainly develop an exploit working against GrapheneOS. Costs will be higher and they'll usually need to specifically take it into account.

>Firmware exposed to remote attack surface like the radios (Wi-Fi, Bluetooth, cellular, NFC) and GPU is generally a lot harder to exploit than the OS and those components are isolated. It's much rarer and generally involves using an OS exploit to bypass the component isolation.

>Nearly all of these exploits are memory corruption bugs. GrapheneOS does actually provide hardening for firmware through attack surface reduction including the LTE only mode and other features. It can't directly harden firmware, but it can avoid exposing as much attack surface.

>So, for example, with the GrapheneOS 4G only mode enabled, vulnerabilities in 2G, 3G and 5G are not usable to exploit the cellular radio, only those exposed by 4G.

>The radio firmware also does have substantial hardening and internal sandboxing, but GrapheneOS can't improve it.

>GrapheneOS also fortifies the OS against exploitation by an attacker that has gained code execution on a component like the GPU or radio.

>Main hardening we provide is for the most common path of exploiting an RCE bug in userspace and then exploiting the kernel to escape sandbox.

GrapheneOS runs only on Pixel phones which have great hardware security.

Also, DON'T USE CopperheadOS: https://grapheneos.org/history/copperheados

Likely not; they might be, by chance, but the exploits are often for bugs in places like media parsing libraries (e.g. the JPEG decoder), which are not usually modified in those alternatives.

Different compile settings might render an exploit ineffective. But I'd expect any remotely popular Android derivative (e.g. Lineage) to be tested by the attacker, and even postmarketOS, which is not Android based, is likely to use some of the same media parsing libraries.

GNU/Linux doesn't even have a notion of security, let alone anything comparable to even backdoored Android/iOS.

I think your best bet would be a Pixel phone with GrapheneOS, though I'm not sure whether it was affected here.

Their security model is more reasonable in my opinion: https://news.ycombinator.com/item?id=27908661

Hardware kill switches are unfortunately pretty much useless. For the camera it's okay, but tape is just as good; for the microphone, even the gyro sensors can record voice at some quality. And here is the big thing: there is hardly any threat model where blocking the camera would help when the software stack is a burning pile of C buffer overflows from top to bottom. If you can't trust the software to such a degree, then you might as well just not turn on your device. Seriously, what's up with the Linux userspace, where the goddamn GNOME initial setup is a C program?! Like, we were okay with Lisp code decades ago in more serious things, and nowadays we actually have memory-safe languages with very close to native performance.

But the biggest problem is the lack of sandboxing, and UNIX permissions are way too crude to be of any use. At worst the attacker can't install a video driver, but they can easily add anything to your bashrc, read the contents of your browser's cache, etc.

> for microphone, even the gyrosensors can record voice in some quality

Turning off all three kill switches kills all sensors.

Concerning the problem with the C code, yes. But it's the same problem as with Apple, a trillion-dollar company.

You are right, but Apple does try to rewrite most things in memory-safe languages and has been doing so for quite some time now. So it is not exactly GNU/Linux.

Looking at this Pegasus thing, Apple did not achieve much.

Ongoing effort != they’ve achieved it all yet.

How long have they been trying with practically unlimited budget?

I agree about ambient authority etc., but I'm typing this in a sandbox which doesn't allow access to .bashrc. (I'm sure it's not perfect.)

I'm no security researcher, so do correct me if I'm wrong, but I assume you use Firejail, which is a suid program; a bug here could cause an escape to even become root. And why would you write a sandbox in a memory-safe language…

Yes, you're right to be wary of suid, but primarily against local attacks on my laptop. The suid risk for a remote attacker seems rather less than from remote malware without the sandbox. Opinions may differ.

Of course you are correct, it is better than no sandbox. I'm just saying that compared to even the now-affected Android and iOS, GNU/Linux is seriously lacking in terms of security.

How well would putting the phone in a lead box work?

He pivoted the NSO group targeting to Apple-Google discussion, with out any proof that Apple had anything to do with Pegasus.

He wants the biggest American companies the world has ever had to open source and lose all their edge against the rest of the world, but he runs closed-source proprietary server software which he wants people to use for secure communication.

Apple is known to have handed off the whole of China iCloud to the CCP.

Also they refuse to zero-knowledge (e2e) encrypt US iCloud backups[1].

In the San Bernardino shooter's case, they refused the FBI's request to develop new tools to hack an already locked iPhone.

However, I have little doubt they will refuse to sign and push an OTA update of Signal.app or an "improved" iOS developed and provided by the NSA.

The mercenary who helped Carlos Ghosn recalled that in the middle of the operation, while riding a train, his iPhone suddenly rebooted and started an iOS update[2]:

> On the train, Taylor's phone began an unexpected automatic software update. "The first thing I thought was, I wonder if the NSA knows," he recalls. "I wouldn't put anything past them."

[1] - https://blog.elcomsoft.com/2021/01/apple-scraps-end-to-end-e...

[2] - https://www.vanityfair.com/news/2020/07/how-carlos-ghosn-esc...

> with out (sic) any proof that Apple had anything to do with Pegasus.

Um, bundling a messaging app that parses feature-rich messages sent from anyone in the world using a memory-unsafe language and abusing DRM laws intended for anti-piracy protection to *ensure that no one can uninstall it from their phone* doesn't count as proof that Apple had something to do with Pegasus?

Yes, Durov's assertion that the bugs NSO exploited were intentionally left there by Apple at the behest of US intelligence agencies is presented without proof, and while conceivable is very unlikely [1].

But his assertion that monopoly practices by Apple had something to do with the Pegasus hacks is perfectly accurate given that Messages is insecure, forcibly bundled, and was in fact how many journalists and human rights defenders were hacked.

Durov's point that "it doesn't matter what apps you have installed on your phone" is especially depressing and a direct result of Apple's use of DRM to prevent users from uninstalling Messages. It would be nice if people could uninstall Messages from their iPhones right now. Thanks to Apple, they can't.

[1] Not because Apple wouldn't do it if pressured (we know, for instance, that they caved to such pressure on iCloud encryption) but merely because there are likely so many vulnerabilities to find that the chances NSA, Apple, and NSO were all aware of the same vulnerabilities are very low.

>He wants the biggest American companies the world has ever had to open source and lose all their edge against the rest of the world

If software is the edge, then it's not solid, imo.

I thought the US edge was capital, skilled people who can create insane stuff quickly, and an engineering culture that enables them.

I’m bothered by this Pegasus thing, does anyone have a link to the raw data? I don’t like getting an interpretation of something through the news media anymore. Rather, I don’t trust the news media to provide an accurate or even an honest analysis, and from what I can tell the Pegasus data as it’s called, seems to be something that only the media has access to.

Isn’t the raw data just a list of phone numbers? What would you do with that without further compromising the privacy of the people behind them?

There are security and privacy reasons not to publicly dump leaks like this, and the distrust of the media should be somewhat offset by multiple outlets analyzing the data separately.

That said, I'm unsure how the media could twist "x country spied on y individual." Knowing the types of people being spied on, it should be assumed most people of similar importance are being spied on by someone.

I take your point, but what echoes in my mind is when the Hillary emails were leaked, and people like Van Jones were saying no, you're not allowed to look at that, but we the media, we are allowed to look at that. They could redact information, but I lament that my trust in the media is so low that I cannot fully trust it without seeing the raw data myself. Even having that raw data available would give me more confidence in the reporting.

If you had access to the data, how would you verify that Durov's number was listed? Then what confidence would that give you? Trusting an anonymous leak more than the media who vetted the data seems misguided.

What are you going to do with the phone numbers of 50,000 important individuals?

What sort of cost-benefit analysis are you doing that makes you think your right to see other people's PII trumps their privacy?

The indicators are on GitHub if you want to check your phone.

Always check for the threat model. I am too insignificant for any government to track. I pay my taxes on time and have nothing to hide.

However, I don't see the argument shifting towards big tech; they are responsible for giving us the crap operating systems. I genuinely miss BlackBerry 10 now.

Is there any reason to think this list of numbers is actually related to NSO, rather than some other group?
