Am I glad I switched to the Samsung S24 and gave up using an iPhone.
My iPhone got badly hacked by that Israeli software 6 months ago. I real nightmare. Had to throw the phone out it was so badly hacked.
Seems nowadays iPhones get targeted with spyware even worse than Android.
There's certainly lots of
chatter about targeting iPhones, because Apple's superiority complex makes them more tempting targets. Apple's gear is hardened to a greater extent by architecture, design, protectionist ****-moves, and by settings, out-of-box. Of course, Apple is not always on their best SecDevOps game, particularly in messaging vectors (like merely receive an IM, and device it borked. srsly?). Lack of an extensible firewall with user accessible logging? Real bone-heads sometimes.
If malware such as Pegasus gets ahold of your phone, you are better off throwing it in the shredder (Rhetoric Alert: Do NOT throw hacked iPhones into a shredder. Give them to relatives you don't like.) But switching to Android... isn't a solution, per se.
Chatter about cutting droids quieted down because it's comparatively low-effort, for reasons. Android CAN be hardened, but it certainly doesn't come out of the box that way, and hardening an OS is not particularly light work. No matter what vendors say about user security, simply grafting their fancy-pants UIs on top of clean android (ostensibly for "branding" and "experience improvement") opens up a rat's nest of security holes. Then there's jurisdictionally mandated shell and UI code. And then, droid app stores are hives of scum and villainy.
It would be good if Apple published statistics about the state of a user’s phone software when it came under attack.
Was it up to date? How far behind was it? How did hack occur, by mail, message, app or by hardware port, etc.
That would be very interesting, buuut... However Apple is getting it done, they can't afford to revealing anything at all about the sources, techniques or statistical frequencies. That would the long-term veracity of their surveillance program. They're doing good, here, I'd like to presume. Thing is, if they can pick out malicious activities that finely, they can certainly pick out other stuff. And with whom might that intel be shared, and under what circumstances?
To prevent most problems, use totally different passwords everywhere. Stay away from free internet services like Hotmail, Facebook. And don't send sensitive information like passwords on chatting services.
☝️ This guy is on the right track. Always enable/never disable System Integrity Protections. Use Biometric MFA. Use hardware MFA tokens, if at all possible. If you use third-party password + MFA vault services, keep local backups and be prepared to change ALL credentials if the on-line component gets popped (that could be a very long day, indeed). Don't use and free CASB or VPN services, and carefully read the user agreements for the ones you do pay for.
The very basics get you 90% of the way. Another 5% is good personal habits that can be frustrating at times. Another 3% is fairly exotic, egg-head technique... The last 2%, jeeze, nobody is safe there.
Don't dwell on it to the point of personal dysfunction. We're all already "In the Churn," as Amos (The Expanse) would say. Just understand that all the slick integration we prize in modern tech, is enabled ONLY by inherent compromise in security. It's only us humans making this stuff, so far, and we kinda suck. When AI starts making the stuff, well, then make sure you know how to transmit "Share and Enjoy," and "I think digital watches are a pretty neat idea," in hex.
