this post was submitted on 26 Jul 2024
181 points (99.5% liked)

Technology

59038 readers
3862 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Police could lawfully use bulk surveillance techniques to access messages from encrypted communications platforms such as WhatsApp and Signal, following a ruling by the UK’s Investigatory Powers Tribunal (IPT), a court has heard.

you are viewing a single comment's thread
view the rest of the comments
[–] Zak@lemmy.world 109 points 3 months ago (2 children)

The headline is a little misleading. The actual ruling is that police can obtain warrants to install surveillance malware on phones when they have evidence the owner is using it to communicate about crimes.

[–] NarrativeBear@lemmy.world 21 points 3 months ago (4 children)

Could malware be installed without access to the physical phone? How would this be achieved. Is it with a backdoor from the phone manufacturer or infected somehow from the sim card service provider.

[–] Plopp@lemmy.world 12 points 3 months ago (2 children)

Depending on circumstances it can be done remotely in different ways AFAIK using things like IMSI Catchers, malicious and sometimes invisible SMS messages, and maybe spearfishing or other methods. Or a combination of things, leveraging different weaknesses of the phone in question.

[–] hoshikarakitaridia@lemmy.world 10 points 3 months ago

And because this could just enable government bodies to fuck around with spying, that's why usually you have to get a warrant for this kinda stuff on the grounds of probable cause.

[–] AtHeartEngineer@lemmy.world 4 points 3 months ago

This is much much harder though, and would risk exposing the vulnerabilities they are using, so they likely won't use these methods unless it's higher profile and involves some higher up govt entities. Your normal street crime cop shop won't be able to do this.

[–] aodhsishaj@lemmy.world 4 points 3 months ago (1 children)

Likely as not, person charged with crime is in custody. Police force person to unlock phone, then police install malware and wait for comms to come in.

[–] bionicjoey@lemmy.ca 12 points 3 months ago* (last edited 3 months ago) (3 children)

You'd have to be a real idiot to keep using the same phone after the police arrested you and forced you to unlock it, especially for doing crimes.

[–] narc0tic_bird@lemm.ee 3 points 3 months ago

This. Even I would be too paranoid to keep using a phone (or other device for that matter) that the police confiscated before.

[–] aodhsishaj@lemmy.world 1 points 3 months ago

You're in custody, your friends don't know you're locked up. Who's the idiot?

[–] bjoern_tantau@swg-empire.de -2 points 3 months ago

Well, people doing crimes aren't known for their intelligence.

[–] ichbinjasokreativ@lemmy.world 4 points 3 months ago

Can be done remotely on any mobile platform. Look up pegasus if you're interested.

[–] pwalker@discuss.tchncs.de 3 points 3 months ago

Well just recently researchers discovered a campaign installing backdoors on iPhones using a chain of several 0-day expoits or in this case using also 0-click exploits, where no interaction from a user is needed. However those attack chain are so advanced that practically normal law enforcement would never be able to do it. But theoretically yes some well equiped state actors are able to infect you without noticing. If you are really intrested to see how advanced these attack are search for "project triangulation" or watch the recording from last years chaos computer conference: https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers#t=373

[–] conciselyverbose@sh.itjust.works 2 points 3 months ago

The court heard that the Investigatory Powers Act 2016 allows law enforcement to obtain a TEI warrant for a single investigation or operation, such as the covert monitoring of the activities of an identified organised crime group. However, the lawyers argued that a TEI warrant could not be used to monitor all users of a particular messaging service. It was not enough, they said, that the targets for surveillance were using a common technology “incidental to their suspected criminality”.

I think this is their point. The additional links are walled, but the assertion it sounds to me like they're making is that the ruling authorized them to hack and surveil an entire platform, rather than based on probable cause against specific individuals.