you’re not wrong, and it’s not really a conspiracy, it’s fairly well-documented at this point
there’s a whole industry of companies called ‘exploit brokers’ and surveillance vendors that sell smartphone compromise capabilities to governments. the most famous is NSO Group, an Israeli firm whose product Pegasus was used by governments worldwide to silently compromise iPhones and Android devices, including targeting journalists, activists, and political opponents. Amnesty International and Citizen Lab have forensically confirmed infections on real devices. this isn’t speculation; it’s documented in court filings and peer-reviewed technical research
the way it works is through what are called zero-days: software vulnerabilities that even the phone manufacturers don’t know about yet. these can be worth millions of dollars on the open market. governments and their contractors hoard them, sometimes for years, to maintain access capabilities. Apple and Google are constantly patching these when they discover them, which is why you see urgent security updates
so the ‘we can’t break into it’ statements from agencies like the FBI are more nuanced than they appear. what they often mean is they can’t break into it cheaply, at scale, without vendor cooperation, not that it’s impossible. they’re usually pushing for backdoors built into the software so they don’t have to rely on expensive zero-days or third-party vendors like Cellebrite
the problem is that any backdoor you build for the “good guys” is also a vulnerability that adversaries can find and exploit. security researchers largely agree you can’t have a backdoor only the right people can use, it doesn’t work that way technically
so your instinct is right. the public debate is somewhat theater. the real capabilities exist, they’re just expensive, targeted, and something governments don’t want to fully disclose because it would reveal sources and methods
you’re not wrong, and it’s not really a conspiracy, it’s fairly well-documented at this point
there’s a whole industry of companies called ‘exploit brokers’ and surveillance vendors that sell smartphone compromise capabilities to governments. the most famous is NSO Group, an Israeli firm whose product Pegasus was used by governments worldwide to silently compromise iPhones and Android devices, including targeting journalists, activists, and political opponents. Amnesty International and Citizen Lab have forensically confirmed infections on real devices. this isn’t speculation; it’s documented in court filings and peer-reviewed technical research
the way it works is through what are called zero-days: software vulnerabilities that even the phone manufacturers don’t know about yet. these can be worth millions of dollars on the open market. governments and their contractors hoard them, sometimes for years, to maintain access capabilities. Apple and Google are constantly patching these when they discover them, which is why you see urgent security updates
so the ‘we can’t break into it’ statements from agencies like the FBI are more nuanced than they appear. what they often mean is they can’t break into it cheaply, at scale, without vendor cooperation, not that it’s impossible. they’re usually pushing for backdoors built into the software so they don’t have to rely on expensive zero-days or third-party vendors like Cellebrite
the problem is that any backdoor you build for the “good guys” is also a vulnerability that adversaries can find and exploit. security researchers largely agree you can’t have a backdoor only the right people can use, it doesn’t work that way technically
so your instinct is right. the public debate is somewhat theater. the real capabilities exist, they’re just expensive, targeted, and something governments don’t want to fully disclose because it would reveal sources and methods