The article mentions the no-interaction exploit used:

> The attacks utilized a cyber weapon called Karma. As Reuters reported in January, Karma allowed Raven operatives to remotely hack into iPhones by inputting a target’s phone number or associated email address into the attack software. Unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said. Apple declined to comment.

Wow. Sorry, I didn't see that part.

I'm surprised it's still circulating then, it sounds like a very serious bug. It's still not known? (No CVE?)

It’s been patched. There may be others currently in use, or that will be found and used in the future, but this specific bug was killed.

> I'm not sure anyone will burn a no interaction zero day on a human rights journalist.

There have been multiple reports of no interaction zero days used on journalists, including in the article above. Turns out, authoritarian governments really hate journalists who aren't sympathetic toward their regimes.

True, but if you're a journalist I can't imagine how you avoid clicking on links sent to you reliably. And if something 'important' comes your way you might just elevate yourself to the "big boy" level of exploits.

A "click a link in an email" exploit is probably not too expensive to burn on a journalist, and "click this link in this email" is absolutely one of the top 3 attack vectors for ordinary users.

Lots of people do all sorts of theatrical security things without having any real savvy for the real threats they face.

>Lots of people do all sorts of theatrical security things without having any real savvy for the real threats they face.

For example, switching to a dumbphone makes them likely to be more insecure, since they usually operate on 2 or 3g and offer zero encryption.

I don't think 4G/LTE encryption is a win so much as running your comms over IP, with application-layer encryption, is a win --- and that's something you generally need a smartphone for.