There are commercial spyware products on the market that allow access to significant functions on the infected phones without the user's knowledge. These include ALIEN and PREDATOR from Intellexa, and FORCEDENTRY and Pegasus from NSO.
Passkeys can be generated on Android and iOS. As well as biometric identification methods, this also supports PIN-secured passkey generation. If an infected device uses PIN-secured passkeys to authenticate with a service, can the attacker access this service?