Pegasus and Linux in general...pH

[pH]

Hi Folks.
An Israeli program called "Pegasus" has been in the news of late as an
'infection' which can affect Android based cellular phones.

It's my understanding that Android is essentially Linux for cellular phones.
(Let me know when there's a CP/M based cellular phone and maybe I'll
consider it....)

My question:
Do we need to worry about this Pegasus thingie for Linux operating systems
in general?

pH in Aptos

[David W. Hodgins]

No. Android is a stripped down derivative of linux with everything running as
root with most, if not all security removed, in order to make it easy to use.

Regards, Dave Hodgins

[Joerg Lorenz]

Am 14.01.23 um 04:36 schrieb David W. Hodgins:

*ROTFLSTC*

--
Gutta cavat lapidem (Ovid)

[Joerg Lorenz]

Am 14.01.23 um 03:03 schrieb pH:

> Hi Folks.
> An Israeli program called "Pegasus" has been in the news of late as an
> 'infection' which can affect Android based cellular phones.

Is in the press for at least 2 years. It all started with the infection
of iPhones. These attacks were/are extremely sophisticated. The status
of Android seems to be still unclear.

> It's my understanding that Android is essentially Linux for cellular phones.
> (Let me know when there's a CP/M based cellular phone and maybe I'll
> consider it....)

Only the Kernel of Android is Linux. The whole rest is proprietary
insecure stuff.

> My question:
> Do we need to worry about this Pegasus thingie for Linux operating systems
> in general?

Difficult to judge. Servers could be of some interest.
On your desktop machine do not work as root/admin.

[8c065a96]

...bruh what?

Isn't Android, like, the one relevant distro/fork that actually uses
SELinux, and outright hostile to developers with how much it locks down
what apps can do (even something so mundane as touching
/storage/emulated/0/Download requires asking the user, for instance)?

[26C.Z968]

Hey ... I like the idea of a CP/M phone :-)

(hmm ... a few early versions of Turbo Pascal came
with CP/M-tweaked versions - ideal for the project)

Android has had security issues - but then everything does.
It uses a Linux kernel, but almost everything on top of
that is custom. A good feature is that apps are run in a
"sandbox", largely isolated from the rest of the system,
but even that has been exploited to fool users/anti-virus
that an infected app is "safe". Usually apps are only
checked once for bad behavior, but time-delayed evil can
be hidden inside.

Modern Android seems kind of 'anal' - always asking
for user permissions for things - but 'anal' and
actually 'secure' are not always the same thing.
We remember Winders Vista - where the MS 'cure' for
all its security holes was to Make It YOUR Fault
by allowing apps and actions (or just disabling
that horrible stuff entirely).

The danger from Pegasus and the like kind of depends on
who you are and what you do. Normally Pegasus has been
used by governments to spy on enemies/rivals (and sometimes
its own). In theory it could be widely deployed, but that
would subject it to more detailed analysis and soon it
could be detected/blocked easily. Narrow deployment
extends the useful lifetime of spyware. Pegasus is
now too "exposed", and thus probably at end-of-life.

[pH]

Okay, thank-you for the info.

pH