Leopards ate my face moment?
They're not developing these tools to NOT use them...
1. Most of us in this segment of the industry recognize the risks
2. He is absolutely not the first person targeted by this
3. This article sounds like it's part of a wrongful termination suit by Gibson based on the context provided
> 'I never thought leopards would eat MY face,' sobs woman who voted for the Leopards Eating People's Faces Party.
It is really about a perceptual flaw in pre-fascist democratic behavior: people believing themselves to be a part of the protected class because they voted for it.
It seems to apply here because someone profiting from the creation of tools used on others by people with money/power has them used on him by the government.
tldr; it is a subset of you reap what you sow, with more specificity and punch
Why does he think that will help against a state-backed adversary?
> Why does he think that will help against a state-backed adversary?
What are his alternatives?
I don't really see any alternatives. Do you?
There's a whole continuum.
Other than 2FA, text messaging is easy to get rid of.
You still use it to make calls, so yeah, they can track you that way. You can keep the phone off most of the time, though. People close to me know that they're more likely to reach me by calling my home phone.
What else does one really need a phone for?
Navigation? Do what I did: Get another phone that never has a SIM card and use an offline app.
Camera? The same. But really, life is very doable without a camera to begin with!
The only reason I need a phone is 2FA.
But 100% you can still find alternatives, it's just about how much stuff you wanna carry around with you, right?
If he's running iOS he can also enable Lockdown Mode on the new phone to block most types of attacks.
Does that really not make sense?
If you are actually security conscious, the only setup that works is to have a public-facing phone and a private phone that is custom rooted, de-googled, and you control everything that runs on it.
And later,
> Without a full forensic analysis of Gibson’s phone ... it’s impossible to know why he was targeted or who targeted him.
> But Gibson told TechCrunch that he believes the threat notification he received from Apple is connected to the circumstances of his departure from Trenchant ...
I find it funny that (1) this guy never thought this would happen to him (2) this guy has the balls to talk to media about this but fears retaliation
I mean, seriously, those who want to know your real name already know it.
Generally, if you develop exploits, you should be completely aware of every single possible attack vector. If you are working for a company like Trenchant, and you know what you are doing, the last thing you do is use Apple devices (at least fully, most of the time you have a public phone and a much more secure private phone).
The reason is, when you take an Apple phone, connect it to a router that proxies through a computer so you can inspect traffic, you can see the vast amounts of shit being sent back to Apple which you have no control of.
Meanwhile, if you do the same with my custom rooted, de-googled Android phone that I take overseas, you will see only NTP traffic, and that is only so I don't have to deal with cert issues because my clock is wrong.
Another reason not to work at places like this.
- Exploit developer makes and plays with exploits on their phone
- Apple notices this, warns them that there is spyware on their phone
- Exploit developer somehow thinks it is governments hacking into their phone
Interesting kind of payback. What does he think happens to the people whom the exploits he develops target?
I’m kidding of course
If these companies have no qualms using their exploits against their own employees they'll have absolutely no problem using them against members of Congress, the Courts, investment banks, tech leaders, and anyone with any sort of power. This gives them the ability to blackmail some of the most powerful people in the world.
edit: And that's not even mentioning their reported "intended use" against dissidents and journalists.
I get where you're probably coming from: this same technology is used all over the world to target journalists and dissidents in countries with and without the rule of law. A very real concern. I wouldn't do this kind of work either (also, it's been over a decade since I had the chops even to apprentice at it).
But there are very coherent reasons people are comfortable doing this work for NATO countries. Our reflexive distrust of law enforcement and intelligence work is a fringe belief: a lot of families are very proud to include people working in these fields.
The most important thing I guess I'd have to say here is: our opinion of this stuff doesn't matter. At current market rates every country in the world can afford CNE technology, and it's a market well served by vendors outside of NATO.
It very much does matter. If more people refuse to do this type of work, it eventually won't be done to the required standard. People would cut family ties and this would stop fast.
We live in a world full of threat-actors. We need exploits just like we need firearms and tanks and fighters and jets.
To mock the guy is just naive.
If you develop weapons, physical or digital, don’t be surprised if you end up on the receiving end.
Sure, cars are useful. But aiming to sell as many cars as possible is no more ethical than selling as many yachts as you can, especially if it involves making the living conditions worse for anyone who doesn't own a yacht, for example by bribing politicians, or destroying non-yacht-capable waterways.
Maybe not at Ford?
https://www.popsci.com/technology/tesla-lock-issue/
Firefighters recently resorted to breaking a Tesla’s window to free a 20-month-old child locked inside after one of the vehicle’s batteries died. The emergency rescue is the second of such incidents reported on this week by Arizona CBS news affiliate KPHO and reiterates the potential dangers of the EV company’s ongoing, under-addressed battery issues in extreme heat.
In July 2023, a 73-year-old man was reportedly forced to kick out a window in his Model Y after becoming trapped. A similar emergency occurred for a mother and her daughter in Illinois a few weeks later after renting a Tesla, while a California driver last month claimed she found herself stuck in her EV while waiting on an over-the-air software update that shut down her car. In the 40 minutes it took to complete the update, outside temperatures rose to 115-degrees Fahrenheit.
And yeah, if you know how, and can go through multiple steps: The only other workaround to battery issues appears to be a step-by-step solution in the owner’s manual that only opens a dead Tesla’s front hood by ostensibly hotwiring the car using external jumper cables. If this is the case, then people who find themselves locked out of their EV may need to continue relying on EMS—and their axes—until Tesla decides to address the glaring safety hazard.
> But the ex-Trenchant employee may not be the only exploit developer targeted with spyware .. there have been other spyware and exploit developers in the last few months
Not going to lie, this subject line would fit right in with the phishing messages and 419 scams in my Spam folder.
> Two days after receiving the Apple threat notification, Gibson contacted a forensic expert with extensive experience investigating spyware attacks.
Surely as a professional "exploit developer", Gibson himself should have been about as expert at this particular niche as any human being on the planet already.
I mean, sure, absolutely he should have called in his friends in the community and gotten more eyes on the device. But the way that's written it sounds like he took it into the local Genius Bar.
It also, in context, feels a little obfuscatory. Like he's trying to flag the involvement of senior folks who he can't name.
Sue them!