Thursday, 2 May 2024

SIGNAL V. PEGASUS

2 May 2024

Pegasus is a type of spyware developed by the Israeli cyberarms firm, NSO Group ("404 forbidden" if anyone tries to access their website out of curiosity...no doubt I'm already done for...). 

It is capable of infecting iPhones and Android devices, allowing the controller to extract messages, photos, emails, and record calls and secretly activate microphones even.


The technical operation of Pegasus involves "sophisticated exploitation of security vulnerabilities", often "without any user interaction required". Once installed, it can bypass encryption, "offering deep access to the device's contents".

Scary stuff. What are our governments doing about this? This is much more than an invasion of privacy, there are known cases where German members of the Bundestag have been spied upon, and Pegasus is probably used by the IDF to target Palestinians from WhatsApp conversations, through Israel’s Lavender AI system. Do our own MPs and members of Congress even know about this? Is Signal any better?

Signal uses end-to-end encryption to secure messages so that only the sender and receiver can read them, WhatsApp and other chat apps also use Signal encryption. However, Signal stands out because it collects minimal user data. It does not store messages or metadata, such as who is messaging whom.

Signal offers additional privacy features like disappearing messages, screen security (prevents screenshots), and relay-calls that hide users' IP addresses (so a VPN wouldn't be required in this use-case).

The app is open source, ie its code is available for anyone to view, audit, and improve. This transparency helps ensure that there are no backdoors or hidden vulnerabilities.

However, although Signal itself is "renowned for its strong encryption protocols", the security can be undermined if your device is compromised. Pegasus can infect a device at a deeper system level, bypassing app-based security measures like encryption.

Then, Pegasus spyware can access Signal messages and calls, by recording them directly from the device’s screen or microphone before they are encrypted or after they are decrypted, making your device insecure.

What to do? To protect against such threats, keeping devices secure with regular updates to patch security vulnerabilities and as usual watch out for links and attachments, even from trusted sources. 

Perhaps counter-measures are available.

Conclusion: security is an illusion, just don't get too much in the way in the first place. I'm pretty confident that commonplace low-level discussions go unmonitored, after all three quarters of humanity is complaining about this and there are not enough guards to watch us all.

Assume that if they want to monitor you, they can, but on the other hand no point in overrating our importance ... they can't target 3/4 of the world's population!... they'd need an African Beheading Circle to do that.




CONCLUSION

You wouldn't choose Signal for security protection alone, you would choose it because some features that you seek are better performed than on other chat apps.

For example, screen security. WhatsApp doesn't allow you to prevent screen capture, important for banking apps for example, and nor does LINE.

LINKS




0 comments:

Post a Comment

Keep it clean, keep it lean