Ask HN:如何强化你的手机安全?
1 分•作者: mandeepj•9 个月前
受到这个帖子的启发 - https://news.ycombinator.com/item?id=45106903
每当我听到 Pegasus 应用或在 HN 上读到相关内容时,我都会有点担心。所以,今天又是这样的一天。
我相信我们在 HN 上有网络安全专家、安全研究人员和信息安全专业人士。你们推荐什么方法来保护你的手机,尤其是 iPhone,使其坚如磐石?我找到了一篇文章,虽然有点过时,但建议不要使用 FaceTime 和 iMessage。但在另一次搜索中,我发现 iMessage 比普通的 SMS/文本更安全。我更担心的是零点击漏洞。
https://usa.kaspersky.com/blog/how-to-protect-from-pegasus-spyware/26103/
我有一个想法——在你的手机上安装一个防火墙[0]来阻止任何传入请求或将其隔离以供审查,这是否可行?对用户发起的请求的响应与发送到你手机的独立请求不同。澄清一下,以避免混淆两者。
此外,还有一个流量监控器[1]来监视过多的传出流量或过多的硬盘读取,以检测你是否受到攻击。
我一直在考虑开发一个自定义的安全保险库应用程序,更像是一个隔离的沙盒;如果我认为我能做到,我会分享更多细节。非常感谢任何指针、书籍、文章或视频。
安全是一个引人入胜的话题;让我们来讨论一下。
[0] : https://apps.apple.com/us/app/guardian-firewall-vpn/id1363796315
[1]: https://apps.apple.com/us/app/traffic-monitor-with-widget/id482570191
[2]: https://www.youtube.com/watch?v=1p0Xm-Opzjg (捕获 NSO 集团的 Pegasus 间谍软件)
[3]: https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf
[4]: https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/
查看原文
Inspired by this thread - https://news.ycombinator.com/item?id=45106903<p>Whenever I hear the Pegasus app or read about it at HN, I get a bit worried. So, today was that day again.<p>I'm sure we have cybersecurity experts, security researchers, and Infosec pros here at HN. What do you recommend to keep your phone, especially an iPhone, hardened as a brick? Came across the following article, although a bit dated, which suggests not using FaceTime and iMessage. But in another search, I found iMessage is more secure than just plain old SMS/Text. I'm more worried about zero-click exploits.<p>https://usa.kaspersky.com/blog/how-to-protect-from-pegasus-spyware/26103/<p>Just a thought - would having a firewall[0] on your phone to block any incoming request or quarantine it for review will work? A response to a user-initiated request is different than an independent request coming to your phone. A clarification to avoid mixing both.<p>Also, a traffic monitor[1] to watch excessive outgoing traffic or excessive hard drive reads to detect if you are compromised.<p>I've also been thinking about developing a custom Secure Vault app, more like an isolated Sandbox; I'll share more details about it if I think I can pull it off. Any pointers, books, articles, or videos are greatly appreciated.<p>Security is a fascinating topic; Let's discuss.<p>[0] : https://apps.apple.com/us/app/guardian-firewall-vpn/id1363796315<p>[1]: https://apps.apple.com/us/app/traffic-monitor-with-widget/id482570191<p>[2]: https://www.youtube.com/watch?v=1p0Xm-Opzjg (Catching NSO Group's Pegasus spyware)<p>[3]: https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf<p>[4]: https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/