Paragon: Yet Another Cyberweapons Arms Manufacturer
Forbes has the story:
Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted.
[…]
Two industry sources said they believed Paragon was trying to set itself apart further by promising to get access to the instant messaging applications on a device, rather than taking complete control of everything on a phone. One of the sources said they understood that Paragon’s spyware exploits the protocols of end-to-end encrypted apps, meaning it would hack into messages via vulnerabilities in the core ways in which the software operates.
Read that last sentence again: Paragon uses unpatched zero-day exploits in the software to hack messaging apps.
Fed.up • August 3, 2021 11:28 AM
The threat isn’t the private companies who are exploiting smart phones. The threat is that smart phones are designed to be exploited. This is a Big Tech “Do as I say, not as I do” moment. Big Tech believes they control the world’s data. This is just another aspect of their censorship. Perhaps if Israel was a Big Tech favored nation, they would be allowed to peek behind the curtain like other nations do.
Big Tech fails to accept that so long as they are abusing data, they cannot control who else does so. There are lots of companies that do so. Even household names.
Nokia is re-releasing a 2002 2G phone that won’t work with apps. Why? There’s demand for it.
Every day there’s another article about the shortage of Cybersecurity professionals. That’s entirely hogwash. Various Cyber regulations and frameworks identify Cybersecurity staff turnover as an indication of potential compromise or lack of cyber hygiene. Turnover reflects badly on employers, not employees. If a Cyber employee leaves a job it is because no one wants to tarnish their resume with a breached employer. That’s career ending. Although Cyber recruiters don’t understand this nor do they get how to assess Cyber candidates. Recruiters interview cyber candidates the same way they interview engineers and sales staff, by assessing their communication skills. Which is absurd. The best Cybersecurity professionals are neurotypical.
But back to data. The biggest reason why an employer cannot find Cyber employees is their online application process. When an employer uses an insecure or (cookie tracking) intrusive applicant tracking system (ATS), most qualified candidates will pass on applying. If an employer doesn’t respect an employee’s security during the application process, there’s no shot that a qualified Cybersecurity professional will be protected while working there. Some of the biggest companies in the world’s ATS systems scrape candidates’ devices. But if you are doing that, then your competitors are too. Compromised employees are compromised employers.
Just like everyone knew that the subprime mortgages were a bad idea, no one was willing to admit that until the world’s economy crashed. So to be upset that Israeli intelligence companies figured out how to scrape data on phones is disingenuous and disregarding that Iran and everyone else does it too.
Too bad there are no 2G networks left in the US. There are 1000s of companies that scrape app data including your alerts and passwords. India and Vermont realize this and publish a list with some of them. If you need to communicate something private do it face to face or send a handwritten letter or smoke signals. Any other form of communication is presently not private.