Big time pocket vulnerabilities

I was asked for a comment on some research into mobile app IT security and identified the Operating System and physical proximity as the two key attack vectors. A couple of days later, Wikileaks released material related to the CIA's aggressive hacking arsenal, much of it aimed at mobile phones.

  1. Rene Millman's original article
  2. Some further thoughts by me; I identify the fact that we have built Risk Control portfolios to manage and mitigate some of these vulnerabilities, although the phone needs to be with you to be of use and so physical proximity cannot be denied.
  3. Recode on the Wikileaks dump, who also seem to be more concerned about laptops and silly names
  4. ORG states that encryption still works; the hacks rely on hacking the device.
  5. Bruce Schneier comments here, on the age of the material and the likely source
  6. It seems that the CIA lost the cyber weapons, which is a bit careless of them but reinforces the argument that Government secrets about people (or in this case software) will leak. Privacy is damaged immediately or via the cyber weapons. It's an example of what will happen if there are government-mandated back doors.
  7. ORG's comments on the UK Government's culpability and highlighting the fact that the transatlantic intelligence agencies have discovered software vulnerabilities and failed to inform the product authors.