zlacker

[parent] [thread] 7 comments
1. olliej+(OP)[view] [source] 2019-07-02 17:54:45
So it’s android only?
replies(3): >>xenosp+m2 >>dewiz+b5 >>aVx1uy+a6
2. xenosp+m2[view] [source] 2019-07-02 18:09:52
>>olliej+(OP)
iOS is probably looked at as well, but has to be done manually since there's no way to just do it with a simple app.
replies(1): >>z33k+U3
◧◩
3. z33k+U3[view] [source] [discussion] 2019-07-02 18:19:51
>>xenosp+m2
I'd wager that they have a enterprise certificate to sign the iOS app with. Then it's a matter of sending the spy victims to a URL, installing the app and granting access to photos/ location/ whatever.
replies(1): >>tomovo+H4
◧◩◪
4. tomovo+H4[view] [source] [discussion] 2019-07-02 18:24:44
>>z33k+U3
Nope.. the user would also have to open Settings and explicitly mark the vendor certificate as trusted.
replies(1): >>LocalH+zc
5. dewiz+b5[view] [source] 2019-07-02 18:26:47
>>olliej+(OP)
iOS too, they ask for the PIN so they can unlock and install etc
6. aVx1uy+a6[view] [source] 2019-07-02 18:31:47
>>olliej+(OP)
From the article:

>Apple devices were not spared scrutiny. Visitors’ iPhones were unlocked and connected via a USB cable to a hand-held device, the journalist said. What the device did could not be determined.

◧◩◪◨
7. LocalH+zc[view] [source] [discussion] 2019-07-02 19:13:26
>>tomovo+H4
It says the devices were unlocked then the device was connected. I would assume the device is in the custody of the Chinese authority at this point. Thus, they can just go into Settings and trust the cert.
replies(1): >>olliej+i53
◧◩◪◨⬒
8. olliej+i53[view] [source] [discussion] 2019-07-03 22:19:24
>>LocalH+zc
Changing trust settings on device requires the password.

Better question is: what are they able to pull off the device while it's unlocked?

[go to top]