Bill Thompson
Podcast Appearances
When I was training people in the military on this, I always used the analogy of if a party is happening next door, you can hear the bass music, but you can't hear the treble.
You can hear the bass music because that frequency travels farther because it's lower in their frequency band.
But you can hear the treble,
because, or you can't hear the treble, I'm sorry, because it's higher frequency and there's more modulation, and so it disperses quicker and you can't hear it as well. And it's the same thing with, like, VLF comms coming off of, like, a submarine can travel underwater for a very long ways, but you can't put as much information in them as you could if you were doing, you know, VHF or UHF comms where there's lots of modulation. So it's the dispersal and you know
A lot of my mid part of my career was explaining this stuff to military guys who were trying to understand like here's how a cell phone works and this is how frequency works and this is how we send information and just kind of demystifying how a GSM network works.
And that's the beauty of the free market, is that the innovation to perform the function that you want someone to pay for will always move faster than your ability to exploit the technology.
Then how do you explain things like Pegasus?
Well, I mean, something like Pegasus, well, first off-- Explain Pegasus to people that don't know.
It was a persistent implant on cell phones for people.
Initially, it was a click, and then it became a non-click exploit.
So in other words, you had to interact with something on the phone in order to initialize and install the implant.
And then after -- but the reason why it was so good is because it wasn't stored in the usual areas that you would want a persistent -- or where you would have a persistent implant.
For instance, you might want to put it in the application layer of an app or something like that where there's a binary that can run and execute commands or functions.
I won't get into the very specifics of where and how they did this because I'm not sure if I got this information from the government or not, so I won't say it, but they stored it in a place where it wasn't normal.
You can read papers on your own and look at the forensics of it and how the actual implant was executed.
But it essentially allowed people to own your phone and was the kind of implant I only dreamed of when I was helping develop my own implants in the military.
Mostly what we would rely on is zero-day architecture and looking for something in a phone that either they hadn't patched or that the phone that you were looking at hadn't been patched.
So phones, as they have their own red teams, are going through the phone for their own, because they want to sell a product that people will use, and people won't use stuff that can get hacked.
So they'll do their own red teaming, and they'll discover, like, oh, you know, on this router we developed, we left this port open, and it shouldn't have been open.