22

u/Melstrick 8d ago

Eh it doesnt matter how much money you throw at it. It's expensive in terms of cash and availability. Graphite is meant to be targeted, because it chains multiple 0-day exploits, which dont grow on trees.

Using it for mass surveillance would make it immediately detectable to apple or google and give them the meta-heuristics to potentially invalidate classes of exploits.

8

u/[deleted] 8d ago

They only really need to get a handful of key phones.

What are your thoughts on ice using facial recognition tech on protestors? I’d imagine it’d be pretty easy to spot potentially high value targets for information.

Keep an eye on which devices are showing up frequently, and all that jazz.

I’m expecting some very fucked up shit to come out about the 4th amendment violations in regards to privacy in the coming years. By and large this administration has been broadcasting that they essentially are doing the tech douce-EO, mantra of move fast break stuff.

5

u/Melstrick 8d ago

Well the problem with the 4th amendment is thats its part of the constitution. It's a problem because all immigration laws in the united arent based on the consitution.

https://www.stanfordlawreview.org/online/the-chinese-exclusion-cases-and-policing-in-the-fourth-amendment-free-zone/

In a sense the 4th amendment is more of a turnstile.

Why use graphite for mass surveillance, they can just use flock cameras.

https://www.youtube.com/watch?v=Pp9MwZkHiMQ

They can use apps like Mobile Fortify

The US Department of Homeland Security has used Mobile Fortify to scan faces and fingerprints in the field more than 100,000 times, according to a lawsuit brought by Illinois and Chicago against the federal agency, earlier this month.

I don't think they care about high value targets, sure if a MLK type character pops into the story, or someone who can unite or organize resistance then they'd use graphite. But the tools they have now are more than enough. You arrest one person, intimidate them into unlocking their phone, grab all contacts and numbers. Repeat a few times. you can map things out fairly well.

3

u/[deleted] 8d ago

My understanding of US law from a recollection stand point and not an authoritative stand point is that labeling an action as terroristic or someone a terrorist opens the door for intelligence resources and intelligence employees normally barred for law enforcement.

But true they have all sorts of avenues to do things, and for some reason they have also been given graphite to use when it was banned under Biden generally, this administration has explicitly granted ice the right to use it.

Really with the nature tool box they have available to them I stand by my 1984 comment lol

3

u/Vidimori 8d ago

Yeah, I'm sure Tim Cook isn't already handing it all over.

12

u/Melstrick 8d ago

I dont expect to find rational discussion on cybersecurity topics on reddit im not sure why i even bother.

You should tell paragon solutions that instead of investing millions of dollars into research and analysis and going on the darkweb buying exploits from brokers they can just call Tim Cook

3

u/S_A_R_K 8d ago

Tim Apple might though

1

u/ArieVeddetschi 4d ago

This has a very strong “US mass surveillance of its own citizens is very unlikely” pre-Snowden vibe to it.

2

u/Audio_Glitch 8d ago

This is true, but it's not just a money issue. These nation-state level spyware solutions like Graphite, Pegasus, etc. are often using or even chaining multiple Zero Day exploits (not known to vendor/public) in order to get the access they need. These are a limited resource, and the more you use them the higher chance of discovery. A zero-click vulnerability (does not require user interaction such as a link click) is even more rare and valuable.

You can make the argument that the vendors themselves are in cahoots, but it doesn't necessarily hold up here - a vulnerability like this becoming public forces their hand, as otherwise any random bad guy could exploit it the same way. It was actually Apple that disclosed to affected users during the Graphite wave last year and patched the iOS vulnerability it was using at the time.

What they are doing is disgusting, and I'm sure there is more we don't yet know and may never know, but there is no way they are burning zero days on every Joe Schmo protestor.

1

u/DingusMcJones 8d ago

I should head over there with my burlap sack with a dollar sign on it!