by dylan604 269 days ago
How come the more I hear about what Israel or Israeli companies can do with our devices makes me just not want to use a device at all? Maybe my tinfoil hat is too tight? Why are they so bold with their abilities while other countries are not? Are they just that much better, or are other nation states just better at keeping quiet?
5 comments

When you’re weak you have to act strong.

Reminds me how at some point the U.S. was so strong that it didn’t even have to show up to dick swinging contests anymore. No military parades and the like, which feels antiquated and kind of embarrassing when you see the Russians or North Koreans doing it.

Though the Americans are into military parades again… hmmm…

I think the boldness is a combination of 1) marketing to governments and organizations around the world and 2) knowing there will be no consequences either domestic or international for what they do.
You probably took your security for granted? I'm being perfectly serious, RCEs like this are table-stakes for modern cyber-warfare.
A state (or a carrier, in theory) doesn't need RCEs to do this. In every phone, the "actual phone", what talks to cell towers, is a separate system called the Baseband. It is a full computer, storage, memory, encryption, ... and it is under the control of carriers and through them of law enforcement and the like. It is also where the microphone and mostly the cameras are connected. The baseband then passes them through to the UI, like Android or iOS. It's how carriers enforce disabling wifi when mobile data is active unless you pay extra, for example.

But it can copy the sound of a phone call to separate channels, or copy the data being sent (even on wifi), or it can activate emergency messages or broadcasts. It can also transmit audio and video when the phone is not actually in a call. That sort of thing.

In practice there are a great many different basebands and of course most states couldn't be bothered to actually write a decent system to use them (well, they tried forcing carriers to do it for them, but anyone who ever worked at a large carrier on a big project can tell you how that went), so only lowest common denominator features are in practice accessible. That means location and getting audio. But nothing is stopping countries from implementing more. I bet the NSA has something with a lot more features, for example.

>and it is under the control of carriers

No, the only part where carriers can run arbitrary code is on the SIM card, which can only run Java Card applets.

>It can also transmit audio and video when the phone is not actually in a call.

Source? AFAIK both iPhones and Pixels have discrete modems, which means the baseband is separated from the main processor and communicates with it via some sort of bus. It's unclear how the baseband would be able to get arbitrary audio/video when it's isolated in this manner.

Look, obviously the baseband is under control of carriers. That's required since they manage spectrum, you know, AT&T's "one phone could disrupt service for an entire neighborhood" argument. Which is true, btw.

This includes the power to upload code to decide which channels and timing to use.

Then it was decided to use this for law enforcement, and so audio was routed through the baseband. Other things were for carriers, like SMS management (including deleting SMS that were already shown to the user). Both to prevent apps from listening without the baseband's agreement AND to listen in without agreement from the apps.

The limit on this is that there are already many different basebands, and of course neither carriers nor states could be bothered to actually implement the backend necessary. I'd bet good money the NSA has one though.

Cyber-warfare probably shouldn't involve the entire civilian population's phones.
If factories filled with civilians are fair game for conventional attacks in total war, why not cyber attacks on cell phones and electronics needed by the civilians to do those same jobs?
The latter. While I applaud Israel's capabilities, they are not unique. The USA and China have more money, talent and access to the hardware/software that is actually used to build the networks.
both

1. Israel's cyber army is just better

2. they don't need to hide it anymore (where US and China do it may gain unnecessary publicity)