The capabilities TLAs have costs hundreds of millions of dollars to develop, and once caught, are worthless. TLAs are extremely careful with their toys to avoid them being caught.
This Adtech company is claiming to have something at that level, which they are deploying everywhere. If it existed, it would have been found the day after they announced it, the security researcher industry would be all over it. They are very intelligent people who do understand those devices inside and out, if it existed they would find it. Remember, these are the same researchers who frequently out actual TLA tools.
You can’t prove a negative, so it definitely is a probability thing, but I put the probability at basically 0 that they have what they claim.
happy to get into into these subtopics, but it’s also possible i may not be understanding you properly because i agree with alot of what you just said.
what are you attributing the close to 0 probability to?
if you wanna say “whats the probability that CMG was at least partly talking out their arse about their capabilities (and especially any claim they were currently in possession of that capability)?”
i’d also give it like >90% probability they (CMG) are full of shit. in which case you could say i agree with you (to within say 10% error margin).
if you’re instead saying the probability is ~100% that audio surveillance capability cannot possibly currently exist outside TLAs because “someone would’ve published it already” then i really cannot agree. (and afaict that ars article does not support that stance either)
Any idiot and chatgpt could knock up an overt always listening app in an afternoon. I have no doubt shady apps already can do this. Its not hard or expensive. (Backend storage and audio processing costs are a different kettle of fish, and I think those make this fairly prohibitive as well, but that’s a funding problem, not a technical problem.)
But as soon as they make the claim that it doesn’t trigger the microphone LED on iOS and Android, across all devices, then that’s a “technically hard” problem. That’s multiple zero days across multiple devices. Its just not feasable for an ad tech firm. They would never be able to recoup that investment.
I’m happy to be proven wrong, but so far all the researchers in the world have found nothing.
So I’m attributing near 0% chance that anyone outside of nation states have the later tech (device agnostic covert audio recording).
But to be useful for an advertising network, it kinda needs to be installable on everything. And if it failed to suppress the mic LED on a single device, it would be very easily noticed?
The capabilities TLAs have costs hundreds of millions of dollars to develop, and once caught, are worthless. TLAs are extremely careful with their toys to avoid them being caught.
This Adtech company is claiming to have something at that level, which they are deploying everywhere. If it existed, it would have been found the day after they announced it, the security researcher industry would be all over it. They are very intelligent people who do understand those devices inside and out, if it existed they would find it. Remember, these are the same researchers who frequently out actual TLA tools.
You can’t prove a negative, so it definitely is a probability thing, but I put the probability at basically 0 that they have what they claim.
https://arstechnica.com/gadgets/2023/12/no-a-marketing-firm-isnt-tapping-your-device-to-hear-private-conversations/
happy to get into into these subtopics, but it’s also possible i may not be understanding you properly because i agree with alot of what you just said.
what are you attributing the close to 0 probability to?
if you wanna say “whats the probability that CMG was at least partly talking out their arse about their capabilities (and especially any claim they were currently in possession of that capability)?”
i’d also give it like >90% probability they (CMG) are full of shit. in which case you could say i agree with you (to within say 10% error margin).
if you’re instead saying the probability is ~100% that audio surveillance capability cannot possibly currently exist outside TLAs because “someone would’ve published it already” then i really cannot agree. (and afaict that ars article does not support that stance either)
Any idiot and chatgpt could knock up an overt always listening app in an afternoon. I have no doubt shady apps already can do this. Its not hard or expensive. (Backend storage and audio processing costs are a different kettle of fish, and I think those make this fairly prohibitive as well, but that’s a funding problem, not a technical problem.)
But as soon as they make the claim that it doesn’t trigger the microphone LED on iOS and Android, across all devices, then that’s a “technically hard” problem. That’s multiple zero days across multiple devices. Its just not feasable for an ad tech firm. They would never be able to recoup that investment.
I’m happy to be proven wrong, but so far all the researchers in the world have found nothing.
So I’m attributing near 0% chance that anyone outside of nation states have the later tech (device agnostic covert audio recording).
why does it need to be device agnostic?
That’s just what CMG claimed to have.
But to be useful for an advertising network, it kinda needs to be installable on everything. And if it failed to suppress the mic LED on a single device, it would be very easily noticed?