Well, in the planting scenario I didn't mention the attacker uploading it to iCloud directly because that's exponentially harder nowadays.
If you're hit by an NSO client and they have an agent running in your phone checking in with their C2, what do you think would be easier :
1 - Run a reverse proxy in your phone, steal your credentials (or session data) and use that connection to upload the material
2 - Write it to disk and wait for the media scanner service to pick it up and act on it?
I mean, in the end it's not about the technology but the people operating it, if apple is really incompetent and law enforcement is shitty as usual then yeah, people might end up behind bars for no reason, which sucks but in that case I think the focus shouldn't be the technology itself but how shitty and unfair the system is.
If you're hit by an NSO client and they have an agent running in your phone checking in with their C2, what do you think would be easier :
1 - Run a reverse proxy in your phone, steal your credentials (or session data) and use that connection to upload the material 2 - Write it to disk and wait for the media scanner service to pick it up and act on it?
I mean, in the end it's not about the technology but the people operating it, if apple is really incompetent and law enforcement is shitty as usual then yeah, people might end up behind bars for no reason, which sucks but in that case I think the focus shouldn't be the technology itself but how shitty and unfair the system is.