So … should reporters operate under the assumption that their iPhones have been compromised by Pegasus, Candiru, or something similar? And in the era of zero-click exploits, are there any practical steps a person can take to avoid them?
Conversation
Recently I’ve gotten a lot of strange wrong-number texts, some with images attached, and having now read this story I’m basically sleeping with one eye open
6
6
25
Have you considered switching to an Android phone running a hardened OS like CalyxOS?
1
3
Replying to
I've been using it on my Pixel 5 for quite a while and it's based on AOSP with the open source reimplementation of Play Services called MicroG. It's maintained by the focused on privacy and security. I highly recommend checking it out.
calyxos.org
2
1
4
Do we know that Calyx protects against zero-click exploits? (Given that these exploits are incredibly sophisticated)
2
1
I unfortunately don't know the answer but perhaps someone at the Calyx Institute or team would know more about it.
2
1
Note that despite their answer falsely claiming to ship patches quickly, they recently went almost 4 months without shipping the Chromium or Android security updates. CalyxOS has a history of covering up their own vulnerabilities and greatly misleading users about security.
1
1
Multiple Chromium and Android vulnerabilities patched during that time were caught exploited in the wild. The patching continues to be unreliable, and they roll back the standard security model in AOSP. There's far more to security than fixing bugs one by one as they portray it.
1
1
Replying to
Did you seriously just search for any mention of CalyxOS to find this thread? Other than having to wait for the update from 11 to 12 updates have been quick and reliable and I think CalyxOS is the best for MOST users.
1
Replying to
There was almost a 4 month delay for security updates including browser updates. It wasn't only the major upgrade from 11 to 12 which was delayed. There are far more delays than that in practice too, and lots of security features rolled back or compromised in the OS.
CalyxOS doesn't provide broad app compatibility and also has leadership and developers involved in a long history of abusive / underhanded behavior. I don't think anyone should be recommended to trust an organization led by someone highly abusive involving in bullying/harassment.
2
1
It's well known that they're heavily focused on marketing including claiming to provide things they don't, covering up vulnerabilities that were discovered, misleading people about security updates and spreading false claims about the compatibility/performance of other options.