this post was submitted on 05 Dec 2024
269 points (96.9% liked)

Technology

60052 readers
3730 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

Self-scans reveal that Pegasus, an invasive and powerful spyware that can secretly control phones and track owners, might be more widespread than previously thought. It was discovered on the phones of everyday phone users.

From wikiHow: How to Check Your Smartphone for Pegasus Spyware

you are viewing a single comment's thread
view the rest of the comments
[–] sepi@piefed.social 187 points 2 weeks ago (8 children)

There could be spyware on your phone! Install this shady app to find out if you have the spyware or not!

I wonder if the shady app in the link is the spyware. This would be a brilliant way of getting on to people's phones.

[–] solo@slrpnk.net 49 points 2 weeks ago

Yeah, I see what you mean and on top of that you would need to pay for it.

That's why I added in the description a link with instructions on the free tool designed by Amnesty International's Security Lab.

[–] vhstape@lemmy.sdf.org 28 points 2 weeks ago (1 children)

My thoughts exactly… If there’s a FOSS tool to check, then we’d be talking.

[–] TherapyGary@lemmy.blahaj.zone 4 points 2 weeks ago

Lol I almost linked you to your own comment

[–] sugar_in_your_tea@sh.itjust.works 15 points 2 weeks ago (1 children)

Yeah, I'll just assume that my GrapheneOS install is safe, the checker probably wouldn't work anyway...

[–] eleitl@lemm.ee 1 points 2 weeks ago (1 children)

I haven't checked, does GrapheneOS do reproducible/deterministic builds so that you could verify that the published release matches your image? The boot attestation should not be able to be circumvented, if you trust Google hardware to do what it says on the tin.

[–] sugar_in_your_tea@sh.itjust.works 7 points 2 weeks ago (1 children)
[–] eleitl@lemm.ee 6 points 2 weeks ago (1 children)

Thanks, interesting. I have used boot attestation but not yet Auditor. Hope to have some quality time reading up on the documentation in the coming three weeks.

I'm considering running my own build farm for updates, so maybe I'll write up a post about it if I get to it.

[–] LostXOR@fedia.io 12 points 2 weeks ago

What do you mean??? WikiHow is a collection of only the most reliable tutorials and information. Now be good and install the shady app.

[–] rottingleaf@lemmy.world 9 points 2 weeks ago (1 children)

It worked with antivirus scanning - more than half of Windows PCs have spyware on them their users consciously installed so that it would scan and report what they run.

[–] Squizzy@lemmy.world 2 points 2 weeks ago

All windows PCs have spyware on them by definition

[–] CosmoNova@lemmy.world 3 points 2 weeks ago (1 children)

That's outdated stuff. Pegasus doesn't need phishing methods to get on your phone. It just installs itself when an actor sends it your way. You won't notice it and the only way to prevent it is to not use a phone.

[–] rottingleaf@lemmy.world 0 points 1 week ago

It technically uses various zero-day zero-click exploits to get there. Which is why it functions like a service - they need to maintain relevance of those exploits. Imagine, a whole service of clearly illegal activity, which doesn't get absolutely destroyed simply because it's useful to spy on dissidents.

[–] AWittyUsername@lemmy.world 3 points 2 weeks ago

Nothing like a shading backdoor onto people's devices than a literal Trojan horse such as a virus scanner.

[–] Celestus@lemm.ee 1 points 2 weeks ago

Doesn’t seem like they’d offer the ability to scan an existing backup without touching your device, if that were the case