this post was submitted on 16 Jul 2024
322 points (100.0% liked)

Technology

69658 readers
2782 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
322
It’s never been easier for the cops to break into your phone (www.theverge.com)
submitted 9 months ago by [email protected] to c/[email protected]
90 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 9 months ago (8 children)

Easier is a very relative term. It’ll be really expensive to use a genuine zero-day to do it. Such exploits are few and far between.

[–] [email protected] 10 points 9 months ago* (last edited 9 months ago) (5 children)

How is it expensive? It is if it eqates to the zero day becoming of public domain, and this is not the case here. They can say they guessed the password while in fact they exploited some unknown vulnerability...

[–] [email protected] 3 points 9 months ago (4 children)

Zero days are extremely expensive costing in the millions of dollars even if you’re not publishing exploit details. Just using it is extremely costly because each attempt exposes your bug to the world, which is an opportunity that it could get caught and patched. Android and iPhone both have mechanisms to detect and report crashes which could easily cost you your bug. Plus, on the exploit markets, a bug that hasn’t been used is worth more because there have been literally zero days of opportunity to defend against it.

There is definitely a cost to using something that expensive and that requires a necessary level of risk. You’ve got to be worth it, and the supply of such bugs is extremely low and sometimes zero depending on your exact software version.

[–] [email protected] 2 points 9 months ago (1 children)

to be fair to the incompetent people in law enforcement, I do believe "trying to kill a presidential candidate slated to win and being a millimeter away from getting it done" would justify relying on a 0-day.

[–] [email protected] 2 points 9 months ago

Indeed. That's a pretty motivating reason.

load more comments (2 replies)
load more comments (2 replies)
load more comments (4 replies)