krupan 4 hours ago

I followed the link to the Pixel 9 bug/exploit and saw this:

"Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user"

Haven't we learned our lesson on this? Don't read and act on my sms messages without me asking you to!

JumpCrisscross 2 hours ago

> Haven't we learned our lesson on this?

What is the purported lesson we should have learned? Users choose phones with rich messaging features. This was a major selling point for iPhone, first, with iMessage, and later with Android until iOS caught up with RCS.

GeekyBear 20 minutes ago

One of the things Apple's Lockdown mode does is disable previews of images or links that are sent to you.

It seems like the lesson is that you shouldn't be processing data sent to the device by random strangers without the user explicitly choosing to open the file or follow the link.

pessimizer 28 minutes ago

> What is the purported lesson we should have learned?

Not to automatically execute things within data that we have been sent.

sneak 15 minutes ago

I think it's "don't use parsers written in unsafe languages".

bigyabai an hour ago

> Don't read and act on my sms messages without me asking you to!

Somewhere there's an NSA agent reading this and laughing like a gin addict on payday.

saganus 2 hours ago

How are they going to make trillions of dollars if not!?

IshKebab 36 minutes ago

I don't know if that is the right lesson. It's kind of like "don't click on links"... Err, no. You should be able to click any link without getting hacked.

ImPostingOnHN 22 minutes ago

Sure, in an ideal world different from this one. You should be able to do anything on any device and never worry about security.

Unfortunately, since we don't live in that world, we need to not open links, emails, text messages, etc, if they are sketchy.

A better solution may someday exist, but as of yet has not been found.

kybernetikos 4 minutes ago

"Don't click on links" is not a solution, and it's not something people actually do, it's just something they think they do.

Corporate Security will tell you that it's ok to click links to the payroll system or hr or vanta or sage or the 'secure email service' or jira or github or to docusign or the microsoft document that a partner company sent you, but not ok to click links in the phishing email that looks like one of those that they sent you.

It's not possible to tell whether a message giving you a link to something is 'sketchy' or not before clicking the link.

wnevets 3 hours ago

"move fast and break things"

kotaKat 3 hours ago

"But the users never know what they want to do! We have to shove suggestions and recommendations at them at every! waking! moment!"