I am an expert in this stuff. The authors act surprised about what we knew already. I wrote about this in detail
in my book on How to get your privacy back. Which, by the way, is exactly what they do not address. There are much better books. A much better reporting work is “Active Measures” by someone who actually led some of these efforts (by the Russians). This book instead could have been reduced to a long article for the amount of useful information in it. The authors seem much more interested in how important they are as journalists than other things. There are people doing things to fix this who are not being reported on. It is not sufficient to say Apple is doing something. Social engineering, including its most extreme form, a pistol to someone’s head, always works. It would be better to competently report on what Apple has actually done. As a founding director of the non-profit, Trusted Computing Group, and having sat through many many situations where standards were purposefully loosened to allow for the kinds of attacks reported, the real story is not being told. Journalists and the media should show some responsibility and convey how the fixes actually work. I was teaching these vulnerabilities back in 1996, and taught them at CMU for twenty years. Nobody listened or cared what the people who actually understood were saying. As a SVP with Wave Systems (actually building stuff that mitigated attacks) I oversaw the acquisition of an Isreali company which clearly revealed the Israelis, like the Swiss, that require MANDATORY universal service, knew what we knew, but because of the service could commercialize it. Yet, customers refused the fixes. So the Israeli’s were left with Pegasus for spying, not stopping the spying. Nobody buys the fixes. Back in 1996 I was the author of Phoenix (BIOS) Secure Core which blocked total takeovers of PCs. We put public key cryptography into the boot, and screamed about having “only known devices on your networks”. Nobody bought. Phoenix is gone (through theft of IP). Google for my youtube of 12 years ago entitled “Dr. Robert Thibadeau discusses secure computing youtube”. P.S. the Chinese listened. Our journalists did not. They still don’t care about anything other than scaring people and then not investigating the actual solutions. That would be, of course, counterproductive for a journalist because we are just dweebs. Right? This book could have been so much better organized, researched, and written. Indeed. Maddow’s intro is the only thing anybody needs to read for the lack of content in it.
Review from Pegasus →