Hacker News new | ask | show | jobs
by alephnerd 756 days ago
> Just checked are non-Android Linux OSes targeted by this spyware

It's safe to assume that any mobile phone OS will inevitably be targeted. There are always going to be unpatched and uncaught vulnerabilities, and the market for finding these vulns are very hot.

The bigger question is why do you think you'd be vulnerable to attack by a nation-state? If you are that prominent, you are screwed anyhow.

This article by Mickens is fairly accurate [0]

[0] - https://scholar.harvard.edu/files/mickens/files/thisworldofo...
1 comments
greenish_shores 756 days ago
How would you define a "mobile OS" then, to keep the alignment of what you said, particularly this part: "There are always going to be unpatched and uncaught vulnerabilities"?

Everything which can fit into a pocket and has a HTML5 browser?

FYI, I know about how extremely vulnerable average cellular baseband is (and that it would often use unprotected or weakly protected DMA). Let's assume the device in question doesn't have one of these.

link
alephnerd 756 days ago
Good question!

Just about every phone (smart or feature) is running some flavor of Unix (iOS/BSD for Apple, Android/Linux for most other smartphones, and KaiOS/Linux for feature phones).

The 1998 style Nokia brick is functionally non-existent as there is no financially viable demand for a product like that anymore.

The markets that are feature phone driven (much of Africa, poorer regions of South and Southeast Asia) are also heavily WhatsApp dependent, so the mobile OS needs to be lightweight but also support modern app functionality - which lends itself to the embedded Linux use case.

Also, no matter how much you modify and QA code, inevitably some bug will arise, and will be open to exploitation.

link