The recently uncovered Landfall spyware campaign is more than another example of commercial-grade surveillance malware; it’s a clear demonstration of why transparency, verifiability, and user sovereignty are no longer optional in modern computing.
Landfall exploited zero-day vulnerabilities in Samsung’s proprietary Android image-processing libraries, enabling silent infection through nothing more than viewing a malicious DNG file. The payload could record audio, track location, harvest private data, and maintain persistence deep within the system.
For Purism, the lesson is simple: when mobile ecosystems hide their inner workings behind non-free (closed-source) binaries and delay patching until after exploitation, users remain vulnerable. Purism’s open and auditable approach is not just idealistic; it is practical protection. It offers fully freedom-respecting software.
Security researchers found that Landfall used a modular framework delivered via booby-trapped image files. It exploited CVE-2025-21042, a flaw in Samsung’s proprietary DNG library, to achieve remote code execution. Once active, the spyware could:
The implications are clear: proprietary ecosystems create ideal long-term exploitation conditions for spyware vendors.
Purism’s mission is to invert this power dynamic. Where spyware thrives in secrecy (often for long periods without detection), Purism builds security through transparency, freedom-respecting software, and full user control.
Why Purism’s model is the antidote to Landfall-like threats:
| Landfall Technique | Purism Countermeasure |
|---|---|
| Exploits hidden, proprietary libraries | PureOS uses fully freedom-respecting software and auditable libraries |
| Zero-click infection via messaging apps | Sandboxing limits app reach |
| Persistence via SELinux manipulation | Hardware kill switches sever attack paths |
| Data exfiltration (mic, photos, contacts) | No telemetry; privacy-by-default design |
| Closed-source components blocking audits | Fully auditable software |
Landfall follows a pattern we’ve seen with Pegasus, Predator, and other commercial spyware: attackers exploit the opacity of proprietary systems and the complacency it enables.
In contrast, Purism’s approach (fully auditable software, verifiable code, privacy-based hardware architecture) is the counterweight to this global trend. Spyware thrives on darkness; Purism’s ecosystem is designed for visibility.
Landfall isn’t just another threat; it’s a symptom of a systemic issue in the tech industry. When users cannot verify the software running on their devices, they inherit risks they cannot see or control.
Purism’s commitment to transparency, user sovereignty, and open source design is more than a philosophy.
It is a practical, measurable defense against real-world threats, today and tomorrow.
In a world of hidden exploits, Purism stands out by making its defenses visible, verifiable, and accountable.