So, you know commercial spyware? No, I’m not referring to ads or things like Pegasus. Talking about those weird providers that market to schools, employers and shitty partners.

What measures could be taken to mitigate these threats? When physical access can be assumed but the attacker isn’t skilled, just using one of said tools? How would this vary between phones and laptops, for example?

Thoughts?

No, I’m not in danger, just get curious about this subject once in a while.

  • Snot Flickerman

    Most stuff like that is usually part of an MDM suite (mobile device management) and is centrally managed. If, for example, your institution is using Active Directory to manage devices, they’ll likely seek out a service that ties directly into AD.

    There’s not really a way to get out from under this control since it’s remotely managed and removing the management would also disconnect the machine from whatever remote network it’s tied to (schools, employers).

    Shitty partners get advertised whole different stuff… With a partner the best decision is to start the relationship with respect for each other’s passwords and privacy, not snooping in each other’s phones, and ending the same way, not snooping on each other. If they can’t physically access it without “hacking” past your secure password/PIN, then they can’t really install stuff like that. I know people feel weird about this because they’ve been cheated on by partners, so pro-tip: find better partners.

  • GenderNeutralBro@lemmy.sdf.org

    This will be highly platform-dependent, and also dependent on your threat model.

    On PC laptops, you should probably enable Secure Boot (if it’s not enabled by default), and password-protect your BIOS. On Macs you can disable booting from external media (I think that’s even the default now, but not totally sure). You should definitely enable full-disk encryption – that’s FileVault on Mac and BitLocker on Windows.

    On Apple devices, you can enable USB Restricted Mode, which will protect against some attacks with USB cables or devices.

    Apple devices also have Lockdown Mode, which restricts or disables a whole bunch of functionality in an effort to reduce your attack surface against a variety of sophisticated attacks.

    If you’re worried about hardware hacks, then on a laptop you’d want to apply some tamper-evident stickers or something similar, so if an evil maid opens it up and tampers with the hardware, at least you’ll know something fishy happened, so you can go drop your laptop in an active volcano or something.

    If you use any external devices, like a keyboard, mouse, hard drive, whatever…well…how paranoid are you? I’m going to be honest: there is a near 0% chance I would even notice if someone replaced my charging cables or peripheral cables with malicious ones. I wouldn’t even notice if someone plugged in a USB keylogger between my desktop PC and my keyboard, because I only look at the back of my PC once in a blue moon. Digital security begins with physical security.

    On the software side, make sure you’re the only one with admin rights, and ideally you shouldn’t even log into admin accounts on a day-to-day basis.
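
A read-only PowerShell check for the Windows-side settings named in the comment above: Secure Boot, BitLocker on the system drive, and who holds local admin rights. This is an added example, not part of the original thread; the function names are made up for illustration, and it assumes an elevated prompt on a machine where the SecureBoot, BitLocker and LocalAccounts cmdlets are available.

```powershell
# Added example: read-only audit; run from an elevated PowerShell prompt.
# Function names are illustrative. $null means "could not be determined".

function Test-SecureBoot {
    try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch [System.PlatformNotSupportedException] { $false }  # legacy BIOS, no UEFI
    catch { $null }                                           # e.g. not elevated
}

function Test-SystemDriveEncrypted {
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        # A fully encrypted volume with protection suspended keeps its key in the
        # clear on disk, so require both conditions.
        ($vol.VolumeStatus -eq 'FullyEncrypted') -and ($vol.ProtectionStatus -eq 'On')
    } catch { $null }
}

function Get-LocalAdminMember {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group.
    try { @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop) }
    catch { $null }
}

$me     = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$admins = Get-LocalAdminMember
$names  = $null
$isAdm  = $null
if ($null -ne $admins) {
    $names = @($admins).Name -join ', '
    # Direct membership only; admin rights via a nested group are not detected.
    $isAdm = @($admins).SID.Value -contains $me
}

$report = [ordered]@{
    'Secure Boot enabled'          = Test-SecureBoot
    'System drive BitLocker on'    = Test-SystemDriveEncrypted
    'Members of Administrators'    = $names
    'Current user is direct admin' = $isAdm
}
$report.GetEnumerator() | ForEach-Object {
    $v = if ($null -eq $_.Value) { 'unknown' } else { $_.Value }
    '{0,-30} {1}' -f $_.Key, $v
}
```

An unexpected extra name under "Members of Administrators", or `True` for the current user on a day-to-day account, is the condition the last paragraph of the comment warns about.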