So … should reporters operate under the assumption that their iPhones have been compromised by Pegasus, Candiru, or something similar? And in the era of zero-click exploits, are there any practical steps a person can take to avoid them?
Conversation
Recently I’ve gotten a lot of strange wrong-number texts, some with images attached, and having now read this story I’m basically sleeping with one eye open
6
6
25
Have you considered switching to an Android phone running a hardened OS like CalyxOS?
1
3
Replying to
I've been using it on my Pixel 5 for quite a while and it's based on AOSP with the open source reimplementation of Play Services called MicroG. It's maintained by the focused on privacy and security. I highly recommend checking it out.
calyxos.org
2
1
4
Do we know that Calyx protects against zero-click exploits? (Given that these exploits are incredibly sophisticated)
2
1
It has much weaker protection than AOSP and the stock Pixel OS, especially since they recently spent 4 months not shipping the standard Chromium / Android updates.
They're trying to portray patching 1 bug early (Dirty Pipe) as the norm. They have multiple unpatched kernel CVEs.