Why is this surprising? This is what happens when you ban a specific brand of software or a supplier rather than the activity that their tools are used for.
Clearly there was and is still demand from TLAs for this kind of software and services, so people who want to get paid will just rebrand or produce an alternative.
It's a very common comment made here. If someone is already familiar with the topic of an article, it means that apparently the article is useless, because its content should already be obvious to everyone.
It's emotionally manipulative, that's what it is. I downvote most content that feigns surprise or uses other manipulative phrases like "should be ashamed", and I suggest others do, too - it'll be better for the health of HN.
I could only find this. So it's definitely a different company.
> Paragon Solutions doesn’t have a website. There’s very little information at all about them online, even if the Tel Aviv-based smartphone surveillance startup’s employees are all over LinkedIn, more than 50 of them. That’s not a bad headcount for a company that’s still in stealth mode.
How viable is it to create an operating system that is sufficiently bug-free and hardened enough to withstand even the most daunting of government adversaries?
I think you'd also need to build hardware for that end, given e.g. Intel's Management Engine operating at Ring -3, and having a whole string of known exploits.
Protecting against these vulnerabilities involves a lot more than just the OS. On this topic, see this incredible multi-step exploit from Google's Project Zero team, which goes from exploiting the Wi-Fi firmware to eventually gaining read-write access to the entire memory: https://googleprojectzero.blogspot.com/2017/10/over-air-vol-...
> During our research, we explored several components, including Broadcom’s Wi-Fi firmware, the DART IOMMU, and Apple’s Wi-Fi drivers […] We’ve also seen how the iPhone utilises hardware security mechanisms, such as DART, in order to provide isolation between the host and potentially malicious components.
Companies like NSO Group are certainly capable of developing exploits of this complexity, as Google's team has shown. Their analysis of NSO's FORCEDENTRY exploit showed NSO building a mini-VM from scratch within a little-known image codec used by the iMessage PDF engine: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...
It is extremely difficult to defend against teams that have this amount of skill and dedication.
Reading Pegasus[0] was terrifying, and yet that second exploit link is so exciting and awe-inspiring I fluctuate between admiration and terror. IIRC governments like the Saudis offered Ronaldo levels of money to some of NSO's engineers. Extremely difficult to defend against them indeed...
Very happy that book on NSO has made the waves it has in my political circles. Everyone needs to be aware of the security/safety climate journalists, and anyone who wants to challenge governments/capital in any meaningful way are facing.
Any more links like those? Fantastic stuff. Should I just be reading Google Project Zero's blog? I've recently found offensiveCon thanks to hackernews.
Time and money. These groups are funded 8 hours a day, 40 hours a week, per person, to dig into your code and find problems to exploit. Unless your place of work has an even bigger security team, you have no chance.
You can just start with one of the existing ones that have been validated such as GEMSOS [1] which is offered by AESEC [2] which was certified to TCSEC Class A1 by the NSA according to the Orange Book standard or Integrity-178B which is offered by Green Hills Software which was validated against the SKPP of the Common Criteria [3] (the Common Criteria being the current preferred security standard framework used by most countries and validated against by basically every company).
Being certified against the SKPP required a multi-month NSA penetration test with full source code and design specifications to discover zero deficiencies [4] so qualifies against the standard you are proposing. The certification was done at the behest of the DoD for the F-22 and the F-35, so you can be reasonably certain it was not a false certification by the NSA to make sure the premier fighter jets of the US are vulnerable.
You can also look at some of the other certified systems linked here [5] though I am not sure which of them are still commercially viable or even functional on modern hardware.
If you just want to run a minimal web server and ssh on typical server hardware? Probably doable today.
If you want enough infrastructure to, say, run a browser on one of thousands of undocumented processor models built by some company you've never heard of? Not gonna happen.
Hard. Look at the work that went into SELinux. And that is not perfect. There are provably correct programs, but designing software that way will take a lot more time, and a lot more money. The problem here is not technical, we could do it. The problem is that time to market and money are higher priority than security and user privacy for most companies.
Educating and motivating users to use the features of such an OS in order to maximize its security (e.g., capability bits)?
So much harder. This is, in my opinion, the more insurmountable problem. Most users have no idea what a window manager is, much less how to change their window manager. Security requires someone to set the capabilities allowed based on what's needed, with fine grained security controls. That takes more time and effort. How many of you have deny all on site permissions in your browser, and only enable the ones you need for the sites you need them for? And we are the technical audience.
It is literally impossible with today's software engineering tools. If you want real computer security, we need to rebuild the industry from the ground up with correctness and proofs from step 1. That looks like formal analysis tools and then engineering tools built upon them. This research area has largely stagnated since the 80s & early 90s since no one actually cares about correctness because it is expensive. Without correctness guarantees, you cannot have computer security, full stop. All we have are band-aids on top of the gaping wounds upon which our entire industry was built.
So step one of your new OS engineering process is to build a whole new software engineering paradigm, and all of the engineering tools to go with it, from the ground up, based only on research from like a dozen people that mostly ended around 1990.
The move to remove one ring level in Intel chips was touted as decreasing the complexity of the CPU and OS start times. That is not the only reason; there is a security reason as well.
Security is about making it hard on all surfaces to attack if feasible. If an OS hardens kernel to attack, then the attack moves to userland. See how virus and other attacks on BSD kernels work.
So the correct question in the systems realm is: can we come together to harden both the kernel and userland equally?
It would really need to go further than that. Supply chain attacks at the hardware level are very difficult to spot, especially at scale. This is an eye-opening talk on the subject:
> How viable is it to create an operating system that is sufficiently bug-free and hardened enough to withstand even the most daunting of government adversaries?
There already exist some very secure operating systems; however, that only solves the software part of the equation. Systems need hardware to run, and they come with firmware. Often the firmware itself is compromised, such as the firmware coming with most CPUs, for example the Intel Management Engine[^1] and the AMD Platform Security Processor[^2].
The fact that the DEA is apparently the top purchaser of this spyware tech is unsurprising, although their justification is fairly ludicrous:
> "The DEA did not directly comment, but it has been claimed that the agency bought Graphite for use by law enforcement partners in Mexico to fight drug cartels. A DEA spokesperson said only that it uses 'every lawful investigative tool available to pursue the foreign-based cartels and individuals operating around the world responsible for the drug poisoning deaths of 107,735 Americans last year.'"
Meanwhile, courts just shielded the Sackler opiate cartel members from civil liability for their massive US-wide opiate marketing scheme (they were already shielded from criminal prosecution):
"Sackler family wins immunity from opioid lawsuits, May 31 2023"
Considering the widespread propensity of humans to indulge in the use of various consciousness-altering substances, what you end up with is highly selective prosecution and many instances of the Lavrentiy Beria (Stalin's deputy) quote: "Show me the man and I'll show you the crime."
"Don't do it" is easy to say, but you are the government / law enforcement and drug cartels are murdering your citizens, so maybe that's just not good enough?
Better just add backdoors to the ambient atmosphere in case drug cartels use air.
The thing is, as long as you give the government the door to justify doing shit like this, they will find a justification that will upset few enough people for them to push it through, aka muh children etc.
The only way to win is to literally pursue open source hardware and software exclusively.
>...maybe that's just not good enough?
Perhaps addressing the problem instead of the symptoms could be a way to go?
Decriminalizing responsible recreational drug use would destroy the cartels, as the general public would never trust buying something that could be laced with poison.
Instead of thinly veiled veneer of bullshit smeared over the giant turd that is spying on everyone why not explore these options?
Let me ask the question differently. How many children are being illegally spied on by the government to help "catch" drug cartels?
If I were an ASI though, I would certainly push as hard as possible to get eyes on every organic, by whatever means possible.
Whether it be position tracking via triangulating ambient radiation http://rfpose.csail.mit.edu/ or something else.
It is indeed a very thorny issue. I am not sure any longer what they (governments) are trying, but they've at least tried company bans, export controls, and specific laws, but none of them really work as some countries will still abuse their powers beyond what can be considered legal/legitimate (such as the drug cartel case here).
The Fourth Amendment, however, is not a guarantee against all searches and seizures, but only those that are deemed unreasonable under the law.
As at least one other has pointed out the issue here is not really the tool(s) used to break | search | intercept | etc but the strength of oversight of the use of those tools.
It follows the general problem of police acting in a manner as though outside the law via friendly judges, rubber-stamped warrants, and general immunity to prosecution for BadThings.
Some sarcasm, of course, but, nevertheless, President Biden and his alliances are still on the right track; it is just that banning a single company will hardly make any difference.
> In particular, simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.
So does this mean it is wise to turn off iMessage so that all messages come through as text message?
This sort of capability is most useful for off the books surveillance. So no warrant required. Any parallel construction happens later. If you know what your targets are doing in detail then you can just get very lucky. As in: We randomly pulled over this car for a routine traffic stop. Imagine our surprise when we discovered that the car was full of the evidence of a serious crime!
Is this an assumption? We don't have much information into this process so it surprises me that we jump to the conclusion that they're a rubber stamp. Is there any supporting evidence for this assertion?
Snowden files was quite detailed on how the NSA programs targeted at US were barely having any kind of judicial scrutiny and FISA was rubberstamping. I don't see any reason to believe that the situation has improved or that in the other branches of sigint employing agencies it is better.
We would need to know how many requests the FISA courts receive and how many they reject and we would also need to know these numbers for the in-the-open legal system. Even still- if investigators are good at their job they aren't going to give the judge flimsy requests that will get rejected.
I know for example that police often err on the side of caution and request warrants where a warrant might not be required because it's better than being wrong and tainting the entire case.
People will post their tired moral objections (as I used to), but in a world where public information is already heavily monitored, censored and controlled, and where people are already arrested for posting song lyrics or making their dog do comedy sketches, why not just completely let the cat out of the bag and stop pretending we have any sort of reasonable control over our own private lives, thoughts or opinions outside of government, intelligence agencies and public-perception altering mega-corporations? I’m quite serious here. There’s almost no point in fighting at this point.
I would personally like to see law enforcement and intelligence agencies double down on their use of these kinds of tools, but, you know, to catch drug traffickers, terrorists, illegal arms dealers, money launderers, actual criminals who want to harm people, or is that too much to ask?
If Trucker John is going to be arrested for posting something vaguely racist under a Twitter video where 5 guys are brutally murdering someone, why not also catch the actual criminals in the video?
I’m dead serious here. Let’s just accelerate. Make the internet and internet-connected devices de facto public property and allow full access to law enforcement. I’d rather have all this be regulated with oversight than the alternative.
" I’d rather have all this be regulated with oversight, than the alternative."
Yeah well, that raises the old question: who guards the guards?
As far as I am aware, police and politicians themselves react quite allergically to more transparency (surveillance) for them.
So the only way I would be remotely ok with more surveillance and regulation is if it would apply to everyone, and especially to the regulators. Otherwise a clear no from me; I simply do not trust the authorities. And there are still lots of ways to communicate besides regulated spaces. But sure, if you want to be heard by the mainstream, you are going into regulated territory.
This conversation needs to start at a point where we take the status quo of government, intelligence agency and private company operations into account, and not from an idealistic utopian perspective.
Companies or governments with unlimited budgets, zero morals and access to the worlds smartest hackers will always exist. I’m not being some kind of doomer, I’m being realistic.
"Companies or governments with unlimited budgets, zero morals and access to the worlds smartest hackers will always exist. I’m not being some kind of doomer, I’m being realistic. "
Actually, you are not realistic, as no government has unlimited budget.
And yes, we have to work with, what we have. But that doesn't mean we have to make it easy to let the NSA in.
So if they have (something like) a warrant, I am fine with them breaking into someone's computers. But it has to be an effort and not just if they feel like it. That would be unchecked power, and I am not aware of how that ever turned out fine.
1. It would be abused to hell and back - have you ever seen how people act with power?
2. Wrongdoers will still use covert tools. Cryptography has many forms, one of them is steganography - hiding information in plain sight.
So, what you end up with by enabling this is a totalitarian state, where the most vulnerable are hurt the most. Which is basically what we originally wanted to get away from.
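The comment above mentions steganography as the covert channel that survives any vendor ban. As an added example (not code from the thread or from any product it discusses), here is least-significant-bit embedding: a hidden message is written into the low bit of each carrier byte, prefixed with a 32-bit length so the receiver knows where to stop. The carrier is a constructed 8-bit grayscale gradient standing in for an image; `embed`, `extract` and `max_pixel_change` are this example's own names.

```python
# Added example: LSB steganography ("hiding in plain sight").
# The carrier is a constructed gradient, not real image data from the thread.

def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(carrier: bytes, message: bytes) -> bytes:
    """Hide message in the LSB of each carrier byte, prefixed by a 32-bit length."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(carrier):
        raise ValueError(
            f"carrier holds {len(carrier) // 8} bytes, need {len(payload)}"
        )
    out = bytearray(carrier)
    for idx, bit in enumerate(_bits(payload)):
        out[idx] = (out[idx] & 0xFE) | bit  # clear the low bit, then set it
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the hidden message from a carrier produced by embed()."""

    def read_bytes(count: int, offset: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[offset + b * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(4, 0), "big")
    # A carrier with no payload yields a garbage length; refuse rather than
    # read past the end (the check also rejects truncated carriers).
    if 32 + length * 8 > len(stego):
        raise ValueError("length header exceeds carrier size")
    return read_bytes(length, 32)


def max_pixel_change(carrier: bytes, stego: bytes) -> int:
    """Largest per-byte difference the embedding introduced (1 for LSB)."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


def make_carrier(width: int = 64, height: int = 64) -> bytes:
    """Constructed 8-bit grayscale gradient used as the cover object."""
    return bytes((x + y) % 256 for y in range(height) for x in range(width))


if __name__ == "__main__":
    cover = make_carrier()
    secret = b"meet at the usual place, 21:00"
    stego = embed(cover, secret)
    assert extract(stego) == secret
    print("recovered:", extract(stego))
    print("max per-pixel change:", max_pixel_change(cover, stego))
```

Every pixel moves by at most one gray level, so the stego image is visually identical to the cover; only a statistical test on the LSB plane (or comparison against the original) reveals it. That is the practical content of the comment's second point: the carrier looks like ordinary traffic, and nothing about it depends on a particular vendor's tooling.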