Login
You're viewing the mstdn.social public feed.
  • Jul 9, 2026, 1:16 PM

    Should anyone need to be reminded, once again, from someone who has been doing offensive security for 40yrs: we hack the endpoints, we have always hacked the endpoints, we shall continue doing so.

    Why? It is this incredibly simple concept called ROI, return on investment, it is cheaper, much cheaper, to get the endpoint. Whether it is the phone, the app, the headphones, the microphone, the user being socially engineered.

    Nobody in his sane mind wakes up and goes "we need to crack the double ratchet", literally nobody.

    That we have been unable to communicate this to the EU parliament is an incredible defeat of common sense.

    💬 3🔄 19⭐ 0

Replies

  • Jul 9, 2026, 1:47 PM

    @cynicalsecurity I suspect some law enforcement agency, grounded in the old school telephone recording want to do the same on modern communications (which is quite idiotic for plenty of reasons).

    In the meantime, yes they do end-point compromise, but that's a much higher barrier than just sending a request to a carrier. (Finding and weaponising vulnerable is expensive, and you may need to compartmentalise vulnerable usage not to risk compromising important ops by the implant getting noticed in an unrelated ops).

    Imho, end point compromise higher barriers to widespread deployment is an important feature.

    💬 1🔄 0⭐ 0
  • Jul 9, 2026, 1:49 PM

    @Sobex if it is serious stuff you do an AN0M, if it is intermediate stuff you just use phishing / fake app / etc., if it is low-level then you just use an ancient exploit and it will work.

    It really is that easy.

    💬 1🔄 0⭐ 0
  • Jul 9, 2026, 1:50 PM

    @cynicalsecurity What do you call AN0M ?

    Also depends on the target.
    An up to date smartphone requires recent exploits, your old one tend to get patched regularly.

    💬 1🔄 0⭐ 0
  • Jul 9, 2026, 1:55 PM

    @Sobex AN0M was the "secure comms" network set up by law enforcement to catch baddies which worked really rather well…

    You seem to forget that endpoint includes the user - the user is still substantially easier than the protocol.

    💬 0🔄 0⭐ 0
  • Jul 9, 2026, 1:56 PM

    @cynicalsecurity Cracking encryption like that is for the academics, cracking the systems around it (including humans) is for the field.

    💬 0🔄 0⭐ 0
  • 💬 1🔄 0⭐ 0
  • 💬 0🔄 0⭐ 0