Hacker News

I'm curious about the threat modelling of those high level officials. With all this hacking going on, it feels like it's not been a consideration.

Pegasus claims iOS and Android hacking capabilities, one would expect more specialised communications being used at that level. Car companies provide specialised vehicles for governmental use, I would have expected to see specialised iOS or Android devices at least. Nothing completely out of this world but with special software configurations and features to detect and prevent attacks.




>with special software configurations and features to detect and prevent attacks

I could imagine a special build of the OS where everything was compiled with Address Sanitizer. You'd take a bit on performance and battery, but, tradeoffs.


I'm pretty sure it's just accepted it is government by WhatsApp groups.


;) Always a scandal. When Dems do it.. Politicians of both parties routinely use apps like Wickr and Signal, often illegally not following record-keeping laws.

I know Obama had a special BlackBerry made so he could use email on mobile.

I'd be surprised if the federal government hasn't created a mobile version of SIPRNet yet?

I work in politics (low level compared to these electeds). Most of the committees use Signal + email 2FA or similar now. But that does nothing against state-sponsored hackers with 0-days. Maybe rotating burner phones and chat platforms would work better, but probably not worth it for the vast majority unless doing something sketchy.


I would guess the best approach is to try to have as small an attack surface as possible, meaning as few applications etc, and the simplest possible operating system.

Like for example a minimalist build of the PinePhone with software that literally never updates unless there is a security issue. Maybe something like a stripped down Slackware, or I was gonna say OpenBSD where even the proprietary hardware drivers are re-written to be open source (and free), but I guess for the PinePhone, the hardware is already open anyways.

edit: A stripped down Slackware I should say


My headcanon at this point is that the spymasters know about the security binary[0], and have decided that the threat of going dark is worse than the threat of getting pwned with their own NOBUS[1] exploits. Better to have everyone be vulnerable.

I do know at one point Apple had special Korean iPhone SKUs with no physical camera installed, I have no clue if those are still being made. Samsung probably did the same thing. The problem is that, aside from just removing hardware, there's no particular special software configuration that you can do to make the device more secure. Every good idea out there is either already being done on the consumer versions of these devices, or is an optional feature you can already enable on a stock device with MDM software. The security on phones is already pretty good, albeit at the cost of freedom for enthusiasts and tinkerers.

[0] Binary as in gender, not as in untrusted.

[1] US intelligence term that stands for "NObody But US" and is equivalent to "0day".


Perhaps they hacked honeypot devices and were thus fed disinformation. UKG has mounted such operations (some with a high level of sophistication) since 1945 at least.


Time to revamp the BlackBerry.


The RCMP had access to all the encryption keys for the BlackBerry messaging back end :). They could basically access any message that was sent through RIM servers, and used that access pretty often (sometimes at the request of foreign governments).


Well, they certainly won’t do it again! Therefore, this should be ignored and not logically used to infer that governments spy on citizens!



