-
Russia appears to be targeting journalists with spyware known as Pegasus.
-
Pegasus is a “zero-click” software, hacking phones by sending texts that don’t need to be opened.
-
The software has targeted dozens of journalists, activists, and politicians in recent years.
As much as I want to believe this is effective, all it looks to do is turn your phone into… a phone.
If they can get cell records, they can track you.
SMS isn’t end-to-end encrypted, once it leaves your phone to the network it’s fair game. Given that Russia controls Russian Telecom, you can be fairly certain that a phone call and an SMS are monitored.
At that point, you’re left with the old school one-time pad. And I can bet on Russia being Russia, so if they see a one-time pad in use, they’re just going to pick you up and beat you
to deathuntil you talk.Which is why these people don’t use sms or standard calling. They use something like Signal.
Signal is great but if the phone itself is compromised it won’t help much.
Lockdown mode was released as a countermeasure specifically against Pegasus the first time it made the rounds as it disables many ways that are commonly exploited as the initial vector point - mainly attachments, links and previews in texts, as well as certain complex web browsing technologies.
I’ve had Lockdown mode on since it’s been released. I miss having 2FA code autofilled from text messages, and there’s the occasional website that’ll need to be whitelisted as it may display an emoji instead of a custom font… but aside from that, it’s barely an inconvenience.
Your telco is always going to be a weak point in a scenario like this, but better that than your phone because a hostile actor sent you a text message that embedded silent persistent spyware.