Oh no.

  • scottywh@lemmy.world
    English · 44 up, 5 down · 1 year ago

    /tinfoilhat

    I admittedly stopped reading halfway through but I feel like these newest vulnerabilities being discovered are probably just fucking government back doors the manufacturers have been forced to include.

    /tinfoilhat

    • luciferofastora@discuss.online
      English · 15 up · edited 1 year ago

      I can’t comment on the general trend, but this specific one seems a bit too circumstantial to be of use for a serious spying effort. You’d have to have the spyware running parallel to the apps using passwords you want to steal in a specific way.

      The risk exists, which is bad enough for stochastic reasons (eventually, someone will get lucky and manage to grab something sensitive, and since the potential damage from that is incalculable, the impact axis alone drives this into firm "you need to get that fix out asap"), but probably irrelevant in terms of consistency, which would be what you’d need to actually monitor anyone.

      If you manage to grab enough info to crack some financial access data, you can steal money. If you can take over some legit online account or obtain some email-password combo, you can sell it. But if you want to monitor what people are doing in otherwise private systems, you need some way to either check on demand or log their actions and periodically send them to your server.

      It would be far more reliable to have injection backdoors to allow you access by virtue of forcing a credential check to come up valid than to hope for the lucky grab of credentials the user might change at an arbitrary moment in time.

    • deranger@lemmy.world
      English · 6 up, 1 down · 1 year ago

      Check out the documentary Zero Days (2016) if you haven’t already. That’s not really a tinfoil hat take these days IMO.

      • scottywh@lemmy.world
        English · 2 up · 1 year ago

        Just means they have to intentionally create new ones to be eventually found for the next generation.