by quesera 3144 days ago
I think it's safe to say that "you can do" here means "it is possible to, and people do".

The risk Facebook would take by pulling a stunt like this is ginormous. See also: Amazon Echo.

The consumer and legal backlash would be swift and stunning, and the secret would be impossible to keep. Mobile app decryption is a well-established process. Reverse engineering a large app is tedious, but fully comprehensible. If you're specifically looking for recording (streaming audio out, or spooling to storage), it's much more manageable.

Of course there's a danger in assuming that someone, somewhere has already done this (or many someones). ~"With enough eyes, all bugs are shallow" ... sure, if the eyes are open. I don't know anyone who has done this work for the Facebook app, or for the Echo. But there are so many little boutique security firms out there today, and the technical prerequisites are so low... I just don't see how it's possible that it hasn't been done a hundred times.

The genuine risk, I think, is that a Corp with all the tooling in place could be compelled by some vaguely legal process in some sketchy jurisdiction to target an individual of interest with custom code. This isn't hard either. Of course, the "tooling" is minor and any popular app could be subverted usefully in this fashion, so Facebook is not special here.

Still, most of us are laughably uninteresting to LE, but proper opsec still dictates caution.