US immigration agents will have access to one of the world’s most sophisticated hacking tools after a decision by the Trump administration to move ahead with a contract with Paragon Solutions, a company founded in Israel which makes spyware that can be used to hack into any mobile phone – including encrypted applications.
The Department of Homeland Security first entered into a contract with Paragon, now owned by a US firm, in late 2024, under the Biden administration. But the $2m contract was put on hold pending a compliance review to make sure it adhered to an executive order that restricts the US government’s use of spyware, Wired reported at the time.
That pause has now been lifted, according to public procurement documents, which list US Immigration and Customs Enforcement (Ice) as the contracting agency.
Found an article that says this software is usually in-memory only and restarting regularly will purge it (obviously you could get reinfected): ~~https://www.zdnet.com/article/is-meta-secretly-scanning-your-phones-camera-roll-check-this-setting-to-find-out/~~
Edit: wrong article, someone replied with the correct one
After I didn't see the mentioned content I looked around Zdnet, and I think you might have meant to link this article instead:
https://www.zdnet.com/article/rebooting-your-phone-daily-is-your-best-defense-against-zero-click-attacks-heres-why/
Bad click, it happens. Good article, though. Thanks!
So weird. I don't even remember viewing that article. Maybe it was a link just above my address bar.
Every early morning. Mine is right before my alarm goes off, so the notification sounds just meld.
Also, no one should be using biometric data to log into their phones. 6 digit pin isn't very obtrusive once you get used to it.
6 digit pin will be broken in less than 40 minutes by a graybox. A 6-digit pin is way more vulnerable than someone who uses a 30-digit password + biometrics
edit: sorry it’s instantly in 2025 https://www.hivesystems.com/blog/are-your-passwords-in-the-green
Sure bro, put a 30 character password into your phone every time you want to find the nearest fucking coffee shop.
edit: I guess I should explain. I'm into privacy not necessarily absolute security. If a cop wants in my phone I forgot my PIN. There's no biometric to get into it so he's going to have to get a warrant if he wants anything to actually stick. With face ID he just holds it up to my face. With fingerprint he can force my finger onto the sensor. In the USA, don't know about Europe.
I just needed this info out there, I don’t really care what you do - I just need to make sure Lemmy stays safe and you’re spouting leaky insecurity disguised as best practices.
Best of luck
I think I just leaked a little right now. I don't believe you have a 30 character unlock on your phone. That doesn't make sense on a device someone uses multiple times a day in one hand at like a bus stop or something.
And I'm no security professional, just some dumbass out in the street.
30 characters is like five words. Entirely doable. You can take your favorite TV show, sort character names by some logic and misspell a few of them to make a very strong very long password.
I use a 15 character pw with a mix of upper and lower case, numbers, and symbols, which according to that link is pretty damn good.
On a phone. On the lock screen. Every time.
Nah, I don't buy it.
You don't need to buy it, but I ain't lying. I am 100% a psychotic outlier tho. 😂 The way I see it, this is a computer that is almost always on me with tons of personal information inside. The chances of it being compromised are WAY higher than any other computer I own. I take that very seriously. Like I said tho, I'm a psychotic outlier.
Cool story bro. I'm just out here smokin' endo sippin' on ginanjuice
This means you only enter the password when your phone restarts, you access specific settings, or I think one or two other rare cases. Personally I only need to enter my pin maybe once a week
What, no bro. You give them your shit. Stop doing it, that's all I'm saying
Man, reading must be hard, considering they said 30char password PLUS BIOMETRICS
What the actual fuck
Are you assholes actually inputting 24+characters plus biometrics into your phone to unlock it?
Fuck you, no you are not.
Of course I do. FaceID allows me to input it exactly once a week, sometimes less.
What don’t you understand?
Wait, so you're using faceid but you think you're secure?
Are you stupid?
If you’re in the USA and a cop gets your phone they’re going to pop it onto a graybox and will be digging through your shit up to their elbows. I wish I were wrong
That's fine. I didn't help them.
Hope your high horse can get a job and feed your family when you lose your government career over an edgy Modern Warfare 3 chat lobby
how does my high horse feel when it's riding over you, sub bitch?
With biometrics I only enter it once a week, at the very most. It’s insane to me that people want their phones to be less secure, but best of luck to you and your super secure TSA lock on your phone lol
'the fuck kind of biometric unlock is that? I'm actually curious what you're using.
FaceID on an iPhone
So the cop can just use that FaceID to unlock your phone?
No? I quint-click my power button through my pocket any time there’s even a whiff of sketch. Now biometrics are 100% off. And even if a cop was holding my phone I’d have to open my eyes, keep one shut at all times and after 2 bad scans biometrics turn off completely.
I don’t understand your argument in the least, maybe you could read about how current biometrics work and give me your feedback once you’re caught up?
I heard elsewhere that anything less than powering down can leave data in memory that can be used to hack your device. So while the quintuple click is better than nothing, powering down is better.
Source on that? Because it doesn’t make sense to me
https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-states/
Yes but they have to do it before they beat you up
Has that been shown? Has some MMA fighter not been able to unlock their iPhone after a fight?
Otherwise, nope. Still gonna recognize you.
Idk, I don't want to take a selfie every time I want to check the internet
right?
That's for breaking a bcrypt hash, and I don't believe there's any way to extract the PIN hash from a phone since it happens inside a secure hardware layer (like a TPM). If it is possible, the attacker would most likely have to physically destroy your phone to get at it. To brute-force a 4-digit PIN with retry lockout timers, it takes 16 hours to try all combinations, according to a tool I found that auto-enters PINs via USB keyboard emulation.
What lockouts? https://appleinsider.com/articles/21/06/22/iphone-hacking-tool-graykey-techniques-outlined-in-leaked-instructions
The linked article doesn’t mention whether it can bypass the max attempt lockout or not. I’m not saying you’re wrong, but the article you linked does nothing to support your claim.
That said, an alphanumeric password is certainly more secure than a PIN, no doubt.
worthless when there's cameras in every corner that record as you unlock your phone all 40 times through the day
Fuck you too, buddy. You're being recorded as you input your absurdly long password into your phone. They probably got it on camera. haha
my password? which one? I very rarely type any passwords in public.. but fuck me for having forethought!
This motherfucker runs to the bathroom to unlock his phone