DeepL Translation: According to documents obtained by Disclose and Der Spiegel from European institutions, the Swedish company MSAB has provided the Moroccan police with a software called XRY capable of unlocking all types of smartphones to extract data from calls, contacts, location, but also messages sent and received by SMS, WhatsApp and Signal. As for Oxygen forensic, domiciled in the United States, it has delivered a data extraction and analysis system called "Detective". What makes it special? Bypassing screen locks on mobile devices in order to extract information stored in the cloud (Google, Microsoft or Apple) or secure applications on any phone or computer. The notable difference with Pegasus software is that both software require physical access to the mobile device to be hacked, and do not allow remote monitoring.
Both XRY and Oxigen are AFAIK "common" and "established" forensics tools, unless the versions provided to Morocco are "special" there is nothing particularly "alarming" or "new/revolutionary", let alone "secret" about them,
I fully expect authorities from any countries to try to get evidences from physical access to electronic devices in the case of criminal investigation. Just like they can go into ones house and open safes with a torch if a judge allows it.
The problem is mass surveillance, not getting data about someone under arrest.
Of course, I unfortunatly also fully expect them to abuse that and use it outside of criminal investigations, without the knowledge of said person.
Apple may state that their enclave is secure, the existance of such tools and the fact they were part of PRISM hints that they are like all others: open to those with a lot of resources.
The manufacturers do their best to protect the users, but when it comes to criminal investigations there are tools[0] that can often make access to smartphone (or computers) data possible.
These tools are often prohibitively expensive and/or only licensed to LEO's (Law Enforcement Officers) and cannot unlock/access "everything", so there is no real "privacy risk" connected to them unless you are charged with a criminal offence and/or arrested.
To give you an example there are cases where an iPhone can be unlocked by two (AFAIK) different tools, one is made by Cellebrite that charges an awful amount of money for each unlock, and the other is Graykey that wants as well a lot of money but you can buy the "unlimited" option:
both are only given to authorized investigators (Police/Government) only.
Of course it is possible - in theory - that someone malicious manages to get their hands on one of them and then proceeds to steal the phone from you, and then can afford to spend anything between 3,000 and 10,000 US$ to unlock it and access your data, but I find it improbable.
[0] until the manufacturer patches (if patchable) the vulnerability, and then the race starts to find a new one
Bit of clickbait title, from the article it's not clear at all what the news is, Morocco already has Pegasus (from Israel) that works remotely, these new software are much less powerful and require physical access to the device, but once you already have physical access, it's game over.
Of course, even if the article make it sound like a scandal, exchange of anti-privacy software for catching human traffickers [1] is not announced in a worldwide press release, it would defeat its purpose
[1] from the article
Objective of this technology transfer financed from the budget of the EU's "border management program for the Maghreb region": to fight against irregular immigration and human trafficking at the gates of the EU.
It's the only African country with a land border to the EU so there's a point. There was a major incident with almost 40 dead at one of these borders only months ago.
I also don't like the framing of migrants and drugs in the same sentence as both issues are ethically very different. But both are driven by organized crime groups and the migrants are victims too. The traffickers take them for all they're worth. It's a problem that needs to be fought.
I was talking about the enclaves yes. Why don't they count? They are regular targets for human trafficking and drug activity. Many people have died in trafficker-incited border incidents.
I know they can't readily travel to Spain from there but I guess the idea is that they apply for refugee status once they're in. And they are part of the EU.
They are physically separated from EU mainland, they are exclaves.
As said once you manage to get inside one of these extra-territories you are technically on Spain teritory, but you have NO access (without a boat) to Spain (or the EU).
As an example, if you manage (from Morocco) to enter one of these you cannot be chased by the Morocco Police (that will stop at the border) and you can - say - ask/apply for asylum, but if this is denied the Spanish Police will bring you back to the border and put you in the hands of the Morocco border police.
And it is not like any "mainland" border that you can escape anywhere, these territories are tiny and you have no ways to go other than sea or Morocco.
Same goes for drugs, congratulations, you managed to bring some hashish in Melilla, if you manage to sell it there, good, otherwise you won't be able (easily) to bring it to Spain.
Most of the "drug activity" is on the beaches of Spain, around La Linea, Campo de Gibraltar and Algeciras:
The primary distinction between Pegasus software and other software is that in order to hack a mobile device, the hacker must have direct, physical access to the device. Pegasus software does not provide remote surveillance.
I am reading in the airport after leaving Morocco. A couple of days ago I received a weird spam SMS message (coming from an iCloud account) that i’ve never seen before. I didn’t open the messages as I know about Pegasus and my senses started to tingle.
