On my garden shed is a combination lock that can be opened with a thin piece of metal shoved between the combination wheels. However, it’s probably pretty safe because I don’t think it’s worth the thief’s time and energy to break into the lock to snarf some tomato cages.
A phone contains a lot of valuable information. It has who you’ve been talking to. It knows where you’ve been. It knows where you hide. And if you’re a high enough profile figure, that information could be worth billions to someone. You need way more than a combination lock to keep that info safe.
Apple pays bug bounties as high as $1,500,000 — at least publicly. Imagine finding a bug and deciding taking it to Apple for a million and a half is just too low.
It is rumored that NSO pays tens of millions for a security hack. It also hires programmers and other tech specialists that do nothing but hunt for hacks.
I imagine for a state actor, spending tens of millions to take down a top dissident is well worth the payment. And NSO has thousands of people who are targeted by their Pegasus software. It is apparently a lucrative business and I bet there isn’t a whole lot of competition. There aren’t that many high tech experts with zero scruples out there.
Apple just released a patch they hope will stop Pegasus. At least for now. However, certain states actors are willing to pay millions to break into iPhones, so this won’t be the last story.