Police could lawfully use bulk surveillance techniques to access messages from encrypted communications platforms such as WhatsApp and Signal, following a ruling by the UK’s Investigatory Powers Tribunal (IPT), a court has heard.
Apparently what happened is that French police installed some of malware on the phones to read the messages, and this was now decided to be legal in the UK.
The basic security stuff exists on Android and iOS as well, namely full disk encryption. When that is defeated through a missing or bad password nothing keeps them from installing their malware with device access.
If they got in through an external security vulnerabilities in some software package the situation is also the same on either OS.
To be honest, it ‘could’ change everything. You don’t need to run ‘phone’ hardware. You could assemble a handled computer with a 5G modem out of consumer-available parts.
Even if we didn’t go that far, we would get our own LUKS encryption with keys we chose and if we knew we couldn’t trust the hardware, we could take precautions. They can attack apple and android easily enough because it’s just two platforms, one vulnerability in android and you’re into 50% of the population.
While we at it with wishlists, maybe we could do some hardware version of tpm/dpapi and manage to relatively safely encrypt the ram as well.
Apparently what happened is that French police installed some of malware on the phones to read the messages, and this was now decided to be legal in the UK.
Damn, we’ll need those linux phones working soon.
Then they enforce the chipmakers to put backdoors in the chips themselves
I’d wager they already have
For x86 platforms it’s called Intel ME and AMD PSP.
What would that change?
You’d have enough control over the software that you can ensure nothing like this happens
The basic security stuff exists on Android and iOS as well, namely full disk encryption. When that is defeated through a missing or bad password nothing keeps them from installing their malware with device access.
If they got in through an external security vulnerabilities in some software package the situation is also the same on either OS.
To be honest, it ‘could’ change everything. You don’t need to run ‘phone’ hardware. You could assemble a handled computer with a 5G modem out of consumer-available parts.
Even if we didn’t go that far, we would get our own LUKS encryption with keys we chose and if we knew we couldn’t trust the hardware, we could take precautions. They can attack apple and android easily enough because it’s just two platforms, one vulnerability in android and you’re into 50% of the population.
While we at it with wishlists, maybe we could do some hardware version of tpm/dpapi and manage to relatively safely encrypt the ram as well.