Ask HN: How to stay ahead of zero-day organizations like NSO Group, etc.?

5 points

5 years ago

A new Citizen Lab report describes state actors using NSO Group's new zero-click/no interaction exploits on journalists in the Middle East. https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

I then started reading: https://www.vice.com/en/article/qvakb3/inside-nso-group-spyware-demo https://www.vice.com/en/article/pkyzxz/spain-nso-group-pegasus-catalonia

If NSO Group and many other companies and intelligence agencies are actively developing zero-days, how can one protect against it?

Is security through obscurity (e.g. using the PinePhone or an unknown platform) the only option?

I'm only really asking about individual solutions to protect data, rather than systemic ones, like the recommendation by the U.N. Special Rapporteur on freedom of expression for a global moratorium on the sale and transfer of surveillance technology. Such systemic solutions seem unlikely as of yet.

3 comments