Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.
The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.
Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.
Is anyone really surprised? Smartphones are the ideal tools for authoritarian regimes – cameras, microphones, GPS, and other sensors in one neat little package, always on the person, ready to be exploited. Of course criminal regimes are going to abuse them, and of course no smartphone is safe.
Windows Mobile ?
They don’t even need this:
Each mobile phone has two separate operating systems (actually three, there is another one for the SIM card, but let’s ignore that for the moment).
The “baseband” that coordinates the communications functions runs on an isolated stack, and talks via a modem like interface. They are usually opaque blobs, and can basically do anything they want under the hood. What is more, they would have DMA access to SoC (but not the other way around), so they can poke around main memory.
The good thing is there only a few companies that design the baseband software, so it is not wild west out there. The bad thing also is there are a few companies, and you cannot choose yourself. If they have a backdoor, they will not be publicized (easily).
Also: shall you be worried about your phone being turned on remotely?
Answer: probably not. If you are not a high value target, they will not bother spending resources on your cell phone.