There was a story from the podcast ‘Darknet Dairies’ where it was discovered that a journalist’s phone had tracking software uploaded to their phone in a zero click text. The target’s phone received a text in the middle of the night that uploaded the software and then deleted any history of the text being received. I think this is one of features of the Pegasus software sold by the NSO Group. And that was 5 or 6 years ago.

I’m pretty sure they’ve broken into my phone a few times.

And got severely disappointed.

Just because they are out to get you, it doesn’t mean you’re not paranoid.

There is no doubt governments hoard 0-day vulnerabilities. We saw that with the Shadow Brokers and Eternal Blue.

When a government says they can’t break into a system, what they are really saying is we don’t want to tell the court how we did this in order to establish the chain of custody for evidence also , we don’t want the vendor to fix it.

With all that said there are limits. Like being able to listen to your phone when it’s off, or turn it on remotely is just wrong

They can get into most phones for sure, and even if you have GrapheneOS in a paranoid config they can get you if they put in significant effort. They will come at the data from a direction that doesn’t require compromising the phone itself if that’s too much challenge. You need to think about the total attack surface, the phone itself is just one thing. Ultimately it’s about what resources are necessary to get what they want, for most phones the resources are relatively minimal but also most people are not worth the resources to them.

It’s probably not possible to break into them for regular law enforcement.

Give Trumps phone to the Chinese or vice versa and they will probably manage something.

You have to look at jail breaking iOS as one of the most powerful security movements in the history of computing.

Every time a new exploit would come out, jailbreakers would open source it, give out every detail. So Apple could fix it. That made the OS very secure. Like, to the point where jail breaking is in one way no longer possible.

Remember the time when you could jailbreak your phone just by downloading a PDF file? Imagine jailbreakers not open sourcing that but selling it to a shady company or government. Suddenly, every PDF file you get in an email can complete take over your phone.

You’re right - exploits exist that these companies hide from the people and from mobile manufacturers. They do so because they’ve built multi-million dollar models for using these exploits against people they want to target. But is there a universal exploit for all iOS? No. If it were, someone would be loading cydia on it and uploading a grainy video on X or whatever.

Everything can be broken into. IT security isn’t about making a system truly secure, it’s about patching discovered zero-day exploits and poking novel holes so no one else can but you.

Many years ago go I worked for a company as their BlackBerry admin. I also managed their other smartphones. They started an office in Russia.

The Russian government wouldn’t let you use a BlackBerry server, they only let you turn over your creds to a server managed by the phone operator.

I assumed this was because they wanted to see those emails.

They didn’t need to do this for ActiveSync or imap devices like iPhone Android or windows phones.

As long as it remains difficult and rare ….

• Apple and Google regular close vulnerabilities so anything based on those is very temporary
• I’m kind of fine if limited to intelligence agencies for national defense. For example partly brute forcing encryption would take significant time and computing power
• there are no visible indicators that it is being done for police action
• current us administration has no hesitation to do things like that to individuals out of personal spite, yet doesn’t appear to have

It is a facade, but once a method is used it shows their hand, so they save exploits and zero days for high profile targets.

Probably. It is known the the FBI got a number of keys from Apple to open some phones.