Probably. It is known the the FBI got a number of keys from Apple to open some phones.

It’s probably not possible to break into them for regular law enforcement.

Give Trumps phone to the Chinese or vice versa and they will probably manage something.

My understanding is they may be able to but to do so risks publicizing secret exploits, which could then be fixed. So they usually save these for very high profile targets to make sure it’s worth it.

There is no doubt govers hoard 0-day vulnerabilities. We saw that with the Shadow Brokers and Eternal Blue.

When a government says they can’t break into a system, what they are really saying is we don’t want to tell the court how we did this in order to establish the chain of custody for evidence also , we don’t want the vendor to fix it.

With all that said there are limits. Like being able to listen to your phone when it’s off, or turn it on remotely is just wrong

you’re not wrong, and it’s not really a conspiracy, it’s fairly well-documented at this point

there’s a whole industry of companies called ‘exploit brokers’ and surveillance vendors that sell smartphone compromise capabilities to governments. the most famous is NSO Group, an Israeli firm whose product Pegasus was used by governments worldwide to silently compromise iPhones and Android devices, including targeting journalists, activists, and political opponents. Amnesty International and Citizen Lab have forensically confirmed infections on real devices. this isn’t speculation; it’s documented in court filings and peer-reviewed technical research

the way it works is through what are called zero-days: software vulnerabilities that even the phone manufacturers don’t know about yet. these can be worth millions of dollars on the open market. governments and their contractors hoard them, sometimes for years, to maintain access capabilities. Apple and Google are constantly patching these when they discover them, which is why you see urgent security updates

so the ‘we can’t break into it’ statements from agencies like the FBI are more nuanced than they appear. what they often mean is they can’t break into it cheaply, at scale, without vendor cooperation, not that it’s impossible. they’re usually pushing for backdoors built into the software so they don’t have to rely on expensive zero-days or third-party vendors like Cellebrite

the problem is that any backdoor you build for the “good guys” is also a vulnerability that adversaries can find and exploit. security researchers largely agree you can’t have a backdoor only the right people can use, it doesn’t work that way technically

so your instinct is right. the public debate is somewhat theater. the real capabilities exist, they’re just expensive, targeted, and something governments don’t want to fully disclose because it would reveal sources and methods

Feeling? Have you seen Snowden’s leaks? It’s a fact.

It is a facade, but once a method is used it shows their hand, so they save exploits and zero days for high profile targets.

Many years ago go I worked for a company as their BlackBerry admin. I also managed their other smartphones. They started an office in Russia.

The Russian government wouldn’t let you use a BlackBerry server, they only let you turn over your creds to a server managed by the phone operator.

I assumed this was because they wanted to see those emails.

They didn’t need to do this for ActiveSync or imap devices like iPhone Android or windows phones.

What LibertyLizard said, plus there are many other ways of gathering the same data.

I suspect the NSA already has a quantum computer capable of breaking most (if not all) forms of encryption currently in use.

Everything can be broken into. IT security isn’t about making a system truly secure, it’s about patching discovered zero-day exploits and poking novel holes so no one else can but you.

In 2020, the European Court of Justice declared the Privacy Shield agreement, an agreement on data exchange with the US, incompatible with European law and thus effectively terminated it, not because of the activities of any corporations, but because data stored on US servers is not sufficiently protected from access by the US government (Schrems II ruling). The reason for this is the absurd legislation in the US, such as the Patriot Act, which, although it has been weakened, still allows the state to force any company or private individual to hand over all data processed on servers physically located on US soil, even without any suspicion or a court order.

As a result, all US companies doing business in the EU were forced to operate servers on European soil in order to continue their activities legally. European companies that used US providers that did not comply had to switch to providers that do not operate servers in the US.

Unfortunately, it took only 21 months for US lobbying to undermine the European Court of Justice’s decision: in 2022, a follow-up agreement was adopted, the “EU-U.S. Data Privacy Framework,” which is no different from its predecessor at all. The legal situation remains the same in the US, and once again there is no protection of data from the US government.

In short, anyone who uses services that are processed on US servers is not protected from arbitrary access by the US - and this also applies to EU citizens.

You have to look at jail breaking iOS as one of the most powerful security movements in the history of computing.

Every time a new exploit would come out, jailbreakers would open source it, give out every detail. So Apple could fix it. That made the OS very secure. Like, to the point where jail breaking is in one way no longer possible.

Remember the time when you could jailbreak your phone just by downloading a PDF file? Imagine jailbreakers not open sourcing that but selling it to a shady company or government. Suddenly, every PDF file you get in an email can complete take over your phone.

You’re right - exploits exist that these companies hide from the people and from mobile manufacturers. They do so because they’ve built multi-million dollar models for using these exploits against people they want to target. But is there a universal exploit for all iOS? No. If it were, someone would be loading cydia on it and uploading a grainy video on X or whatever.

They can get into most phones for sure, and even if you have GrapheneOS in a paranoid config they can get you if they put in significant effort. Mostly they will come at the data from a direction that doesn’t require compromising the phone itself if that’s too much challenge. You need to think about the total attack surface, the phone itself is just one thing. Ultimately it’s about what resources are necessary to get what they want, for most phones the resources are relatively minimal.

I’ve been certain of it for years. I’ve assumed the NSA can access any american made technology since the Patriot asct, IDF any Isrealy made piece of technology, CCP any Chinese made…

Of course they can, and do.

There used to be a time people would watch what they saud on their landlines while talking for fear they were being wiretapped.

Now nearly everyone is asking their wiretap for chili recipes and other dumb things.

As long as it remains difficult and rare ….

• I’m kind of fine if limited to intelligence agencies for national defense. For example partly brute forcing encryption would take significant time and computing power
• there are no visible indicators that it is being done for police action
• current us administration has no hesitation to do things like that to individuals out of personal spite, yet doesn’t appear to have

Just because they are out to get you, it doesn’t mean you’re not paranoid.

I’m pretty sure they’ve broken into my phone a few times.

And got severely disappointed.

I swear to God, the government has done a good job of making people forget about the Snowden leak.

Many governments, all over the world, but especially the U.S. and China, can and are installing physical hardware backdoors into essentially every consumer grade phone and computer in the market.

There was a story from the podcast ‘Darknet Dairies’ where it was discovered that a journalist’s phone had tracking software uploaded to their phone in a zero click text. The target’s phone received a text in the middle of the night that uploaded the software and then deleted any history of the text being received. I think this is one of features of the Pegasus software sold by the NSO Group. And that was 5 or 6 years ago.

It totally depends on your definitions and which government you’re talking about. Israel’s use of pegasus malware to exfiltrate sensitive information from journalists and detractors is notorious. Considering how tight big tech in the US is with fascists (and the history of the NSA), it wouldn’t be a huge leap of logic to assume that they are at least trying to get backdoors installed and are making off the books deals with tech companies to acquire information extrajudicially.

Isn’t there a very well-known Isreali tech company that can break iPhone encryption given enough times? This isn’t just a feeling but I also think there’s some zero-days intelligence agencies have planted and could be hiding

Given the motivated, well-funded, well-staffed nature of many nations’ intelligence gathering divisions, it’s safe to assume anything you do on a computer with any kind of internet connection is probably available and ready to be analysed if/when you ever cross the threshold from potential target to target.

en.wikipedia.org/wiki/Cellebrite_UFED

When I served on jury duty duty, we heard how the cops used some type of software to try to get the messages off two phones but there was a speacial way that they needed to turn on the phone to prevent it from booting the OS. Someone screwed that part up with one of the phones, and the messages got wiped when it turned on.

The only way to be safe from your computer being wiretapped is to not use a computer.

All my phone has is on it is an absolutely embarrassing amount of memes and pictures of my cat. There aren’t even any nudes on it, although maybe I should take some to traumatize any government agent who goes digging through it. Would serve them right.