10 September 2016

During my bicycle trip to the springs of the White Main in the Fichtel mountains news about the state-sponsored Trident attack on IOS devices went around the world. The topic was front page news even of local newspapers, very often with a certain malicious joy, because Apple’s IOS is well-known for its superb security.

Within some days Apple developed patches for the vulnerabilities and delivered them to IOS devices in the field. This was taken for granted from the public, but it is very remarkable, because only Apple and Microsoft are able to deliver ad hoc patches for their mobile device operating systems.

In report ‘A Hacking Group Is Selling iPhone Spyware to Governments’, published on 25 August on WIRED, one could read:

“NSO Group won’t be able to use this particular attack anymore on iPhones running the latest version of iOS—and one of the operating system’s strongest selling points is its high adoption rates for new versions. In the meantime, the Citizen Lab and Lookout researchers say that there is evidence that the group has ways to get Pegasus spyware onto other mobile operating systems, notably Android.”

With this, all devices running Android, and this is the majority of devices, are potentially vulnerable for the Trident attack, and will remain vulnerable for their entire lifetime.

Or have you ever heard from a smart phone vendor who delivers patches for Android devices in a timely manner, and for older devices?

Have a good weekend.