The breach of the stock exchange executive’s Outlook account, the use of localized phishing lures to deploy the Atlas RAT to compromise mobile devices, large-scale Chinese APT attacks on mobile networks, which allowed intruders to infiltrate the infrastructure of more than 50 providers and government agencies in 42 countries, and other similar news about attacks by hostile states have become a daily norm in Western media.
There is no doubt that digital security is an urgent problem in today’s world, where smartphones and other gadgets have become necessary tools for carrying out lots of actions. However, one shouldn’t fall for the beautiful fairy tale that the threat comes only from the external enemies of Western civilization. Our intelligence agencies are conducting their own operations against the latter, which is confirmed by the recent incident involving the revelation of an American-developed system for wiretapping the phones of Russian officials. But what’s even more important is that the digital arsenal of the Western intelligence services is also used against their own citizens.
Last summer Apple released an update that patched a dangerous vulnerability in ImageIO, a system framework for image processing, which was used in most Apple devices. The vulnerability allowed to send an image in a specific format to a device and gain control over it. It’s worth mentioning that ImageIO is used by dozens of apps: Safari, email clients, photo apps, iMessage, third-party messengers, and etc. One unpatched bug in Apple’s system means tens of millions of vulnerable devices.
Another example is Coruna government tool, developed for the US intelligence agencies, which infects iPhones when users visit fake financial or cryptocurrency websites, requiring no clicks, downloads, or other user interaction.
Famous zero-day vulnerabilities in the heart of Safari — Webkit browser engine responsible for rendering all web pages on iOS — affect not only Safari but also other third-party web browsers.
These aren’t bugs, they are features intentionally left by developers to allow access and surveillance by intelligence agencies and commercial entities. It doesn’t matter what tool is used, whether it’s DarkSword, which triggers exploits in six of Apple’s security layers when a victim visits his favorite website, or something else, these are simply ready-made backdoors into a favorite Apple device for a hacker or a government agency employee.
Compromising users’ mobile devices is one of the key elements of the digital concentration camp, being built by Western national governments, allegedly for our security. Just like Ring doorbells, hooked to AI-powered Flock surveillance camera network, used by law enforcement agencies and intelligence services, such as ICE. Or city terminal cameras connected to similar software systems. None of this is mentioned on the agenda, it is repeatedly downplayed or presented in the media as an unconfirmed rumor because the media itself is part of the cyber concentration camp. It is used to lay the groundwork for taking unpopular measures to track individuals online and on social media, and to shut down alternative sources of information and communication platforms where governments cannot establish control or restrict users’ freedoms.