The Challenge

Back in the year 2000, the Internet was the big promise of freedom and democracy for all. Today, we have come to realize that the contrary happened. We are all deeply spied on and manipulated by a few firms, nations and hackers via social media, messaging apps, and devices that we can't live without.

Whether we live in Beijing or Paris, astounding levels of surveillance and manipulation are increasingly built into our everyday digital devices and social media apps, following us even in our living rooms and bedrooms.

Fortunately, recent advances in secure mobile devices, cybersecurity suites, and secure messaging apps provide solid protection, when properly used, at least for the private digital life of most ordinary citizens.

According to pre-Covid polls by UBS and by Northern Trust, cybersecurity is the 1st and 2nd greatest concern even for family offices and high net-worth individuals, respectively. Paradoxically, the wealthier or more influential one gets, the greater his/her cybersecurity problem becomes!

Secure mobile IT vendors like Apple would want to suggest that the problem affects only a few thousand law-abiding persons worldwide. But in a recent White Paper, we analyze recent data to reveal that hundreds of thousands or even millions is the likely number of law-abiding persons who are hacked or hackable continuously and undetectably, by dozens of nations, criminal groups, and, worse, by innumerable adversaries that “rent” such capabilities, at moderate cost and minimal risk. But you don’t read about it in the news. Most of these cyber-crimes go undiscovered for years, and if ever discovered, aren’t publicized, as both victims and attackers gain from keeping them unreported.

What hope do we or politically exposed persons have if even the wealthiest can’t buy their way out? They just have to live with it, as a natural phenomenon, much like lightning or rain – or do they? 


Yet, these solutions are completely ineffective for millions of law-abiding high-profile individuals, such as journalists, politicians, executives, activists, wealthy individuals, and their social and business associates.

These individuals are subject to targeted attacks for illegitimate political or economic motives by innumerable determined governments, criminals, or adversaries, who can take full, undetected control of their devices by spending in the range of a few tens to hundreds of thousands.

There is nothing we can do about it for our public digital sphere, except always assume we are being recorded, or retreat from it altogether.

This problem is even worse for journalists, activists, politicians, executives, wealthy individuals, and their close associates, who are especially targeted for profit or political reasons, and whose digital freedoms are key for a functioning society.

Secure mobile device vendors like Apple suggest that the problem affects only a few thousand law-abiding persons, and that even security agencies can hack on an iPhone, in a “security theatre” where everyone gains except the end user. Nevertheless, the truth is coming out.

According to pre-Covid polls by UBS and by Northern Trust, cyber-security is the 1st and 2nd greatest concern of family offices and the world's 16 million high net-worth individuals, respectively.

Are they paranoid? Unfortunately not. As we recently learned, hundreds of thousands or even millions is really the likely number of law-abiding persons who are hacked or hackable continuously and undetectably, by dozens of nations, criminal groups, and, worse, by innumerable adversaries of all kinds that “rent” such capabilities, at moderate cost and minimal risk. But you don’t read about it in the news. Most of these cyber-crimes go undiscovered for years, and if ever discovered, aren’t publicized, as both victims and attackers gain from keeping them unreported.

Their most sensitive data is exposed to cyber-criminals, resulting in ransomware, extortion, financial loss, reputational damage, blackmail, and even physical harm. Worse still, to limit any damage they are forced to self-censor their actions, speech, and even ideas, as just about everything captured on their devices can now be accessed by others.

Paradoxically, the wealthier or more influential one gets, the greater his/her cybersecurity problem becomes! There is nothing money can buy. They just have to live with it, as a natural phenomenon, much like lightning or rain – or do they? 


Source of the Problem and Paradox

Materially, we know very well what the problem is: hyper-complexity and obscurity of IT systems and reliance on blind unverified trust throughout supply-chains and life-cycle.

But, as a society, we solved that for commercial airliners and nuclear plants! Only one out of 16 million flights results in an accident. We are extremely good at security engineering, and especially certifications. Why then are 1.5 billion mobile devices made every year, each hackable even by a talented or well-resourced teenage hacker?

The root cause is ultimately the necessity of nations to break all IT at birth to retain legitimate lawful access, and the consequent lack, by design, of a truly trustless and comprehensive IT security certification governance model and body.

Everything is overly complex and broken by design by powerful nations, in order to retain investigative capabilities to prevent grave crimes. So any solution will need to reconcile the need for privacy with the need for legitimate cyber-investigations.


Will an app or Apple solve it in the future?

Will we be able to solve this problem with software?

Unfortunately, an app cannot be more secure than the device it runs on.

Will the most secure mobile devices, like the iPhone, ever become "secure enough"?

So far, despite having nearly infinite R&D resources, Apple and the others are not reducing this gap. We believe it is very unlikely that they will ever bridge it, for one or both of the following reasons.

First, modern smartphones have complexity in technologies and supply chains that cannot be reconciled with the security levels that are needed and demanded by users and society.

Second, Apple and similar vendors are under huge pressure from powerful governments to let them hack devices to go after the bad guys. This pressure leads to deliberate activities by Apple employees or state operatives to continuously ensure that some of the critical bugs discovered during development or internal testing are left in rather than removed (so-called “bug-doors”), and to share those with governments in plausibly deniable ways.

Those bug-doors, in turn, become available to hundreds of threat actors - through autonomous discovery, purchase or leak - and innumerable others renting their capability at a very moderate price and minimal risk.