by Veserv 844 days ago
What? Pegasus is not enabled by modem vulnerabilities. The primary vulnerabilities used on iOS phones are in Apple designed and implemented components and the primary vulnerabilities used on Android phones are in Google designed and implemented components.

The problem is not that Google and Apple did not have the opportunity to secure the vulnerable components. The problem is that their best teams with thousands of people and billions of dollars are completely incapable of designing systems secure against moderately resourced attackers.

They openly admit that their systems are defenseless against attackers with resources. Every single time their security is completely invalidated they make press releases like: "It was an unprecedented attack using never-before-seen techniques by highly sophisticated attackers." implying that they can not be blamed because look, they were "highly sophisticated" and it was "unprecedented"; there is no way we could stop that. Even though every single attack is described that way.

You would be hard pressed to find a single technically competent security developer in any of these organizations who would claim their systems could stop their systems being totally and utterly compromised and their security completely invalidated by a single, individual, lone competent hacker with a year to work on attacks. A team of 3, forget about it. That is only in the low millions of dollars to completely invalidate their entire security story for all hundreds of millions to billions of systems worldwide.

No, the problem is not a lack of accessibility, effort, resources, or focus. The problem is that all of these large companies have failed for literal decades to develop systems secure against competent attackers. And the entire time they have been intentionally deceiving the public into thinking they can even though they know and admit they can not.

The solution is to stop believing these perennial incompetents and liars until they present solid, auditable proof. At least then they can not suck all of the air out of the room from people who actually know what they are doing.

1 comments

> The problem is that all of these large companies have failed for literal decades to develop systems secure against competent attackers.

I don't think they tried. One of their main customers is a 3-letter agency which has no interest in the bugs getting fixed.