US spyware vendor pcTattletale has shut down its operations following a serious data breach that exposed sensitive information about its customers, as well as data stolen from some of their victims. pcTattletale was promoted as "employee and child monitoring software" designed to "protect your business and family." Of course, what it actually was, was a way to surreptitiously spy upon other people's phones and computers - secretly viewing everything they did. Read more in my article on the Hot for Security blog.

New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market”:

Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on export controls and other sanctions that target specific bad actors, rather than focusing on restricting particular technologies. Last, I continue to call for transparency as a key part of oversight of domestic governments’ use of spyware and related components.

Apple Inc has recently updated its threat notification system to include alerts for Mercenary Spyware targeting individuals and companies. Previously, starting from March 2021, Apple had been issuing alerts to users whose devices were targeted by state-sponsored attacks, a response prompted by the revelation of the NSO Group’s Pegasus software being used to compromise the device of Amazon CEO Jeff Bezos in 2019, to leak his affair with his current pilot girlfriend Lauren Sanchez.

The new update expands the scope of alerts to include notifications for mercenary spyware attacks in over 91 countries, encompassing regions across the West. Users who receive these alerts are advised to thoroughly check their devices for any signs of spying software. Such software is typically deployed to gather intelligence, deploy payloads like ransomware, or render the device inoperable.

In addition to these developments, a new hacking group called Virtual Invaders has emerged, targeting users in regions including India, Pakistan, Singapore, and Africa. There are concerns that the group may eventually turn its attention to users in Western countries.

Researchers from ESET have identified that this group deploys malware called eXotic Visit, often disguised as mobile apps available on the Google Play Store. Despite efforts by companies like Google to enhance security and privacy measures, some malicious actors continue to find ways to evade detection.

As a precautionary measure, mobile users are advised to remain vigilant and monitor the behavior of their mobile applications regularly. Signs such as unusual battery drainage, unexpected device restarts, excessive ads, or overall slowdown in device performance could indicate a potential security threat.

The post Apple issues warning against Mercenary Spyware appeared first on Cybersecurity Insiders.

To determine if your phone has spyware installed, you can follow these steps:

1. Check for Suspicious Apps: Review the list of installed apps on your phone. Look for any unfamiliar or suspicious apps that you don’t remember downloading. Spyware often disguises itself as legitimate apps, so pay attention to any apps with generic names or unfamiliar publishers.

2. Monitor Data Usage: Spyware typically sends data to its creator, which can result in increased data usage. Check your phone’s data usage statistics and look for any significant spikes or unusual patterns, especially if you haven’t been using your phone more than usual.

3. Battery Drain: Spyware running in the background can cause your phone’s battery to drain more quickly than usual. If you notice that your battery life has suddenly decreased, it could be a sign that there’s spyware on your device.

4. Unexplained Behavior: Pay attention to any unusual behavior on your phone, such as unexpected pop-up ads, strange notifications, or changes in settings without your permission. These could be indicators of spyware activity.

5. Scan with Anti-Spyware Software: Use reputable anti-spyware software to scan your phone for malicious software. There are several reliable apps available for both Android and iOS devices that can detect and remove spyware.

6. Update Operating System and Apps: Make sure your phone’s operating system and all apps are up to date. Developers often release updates to patch security vulnerabilities that could be exploited by spyware.

7. Reset Your Phone: If you suspect that your phone has spyware but can’t find any evidence of it, you may want to consider resetting your phone to its factory settings. This will erase all data and apps from your device, effectively removing any spyware that may be present. Just remember to back up any important data before performing a factory reset.

By following these steps, you can help protect your phone from spyware and ensure that your personal information remains secure. If you’re still unsure whether your phone has spyware after following these steps, consider seeking assistance from a professional cybersecurity expert.

The post Seven tips to find spyware on a smart phone appeared first on Cybersecurity Insiders.

The United States has taken a firm stance on visa restrictions targeting individuals involved in the misuse of commercial spyware. Secretary of State Antony Blinken made this announcement on February 5, 2024, following a review of legal cases involving forced disappearances, extrajudicial killings, and arbitrary detentions.

Individuals associated with the development and distribution of commercial spying software from countries such as India, Israel, and Jordan are now subject to heightened scrutiny, given their nations’ history of involvement in the trade of espionage-related software.

The NSO Group’s Pegasus software made headlines worldwide in 2021 for its role in enabling politicians, businessmen, and bureaucrats to spy on individuals by covertly installing Pegasus spyware on their communication devices. The ensuing international discussions, allegations, and evidence prompted the Biden administration to implement a policy regulating the use and dissemination of such spyware, rendering the NSO Group ineligible to conduct trade in the United States.

In accordance with amendments to the Immigration and Nationality Act, individuals associated with spyware development companies or software are prohibited from entering the United States under the Biden administration’s policy. However, there remains a need for greater transparency on this issue. It is unclear whether the administration has compiled a list of affected individuals, the extent of the visa restrictions, and the criteria for distinguishing affected individuals from others. This lack of clarity raises concerns about the potential for human rights abuses and underscores the importance of balancing the need for information security with the protection of individual freedoms.

Further details on this matter are expected to be provided in due course.

The post Now Spyware links can lead to Visa restrictions appeared first on Cybersecurity Insiders.

Apple has warned leaders of the opposition government in India that their phones are being spied on:

Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID ….”

AccessNow puts this in context:

For India to uphold fundamental rights, authorities must initiate an immediate independent inquiry, implement a ban on the use of rights-abusing commercial spyware, and make a commitment to reform the country’s surveillance laws. These latest warnings build on repeated instances of cyber intrusion and spyware usage, and highlights the surveillance impunity in India that continues to flourish despite the public outcry triggered by the 2019 Pegasus Project revelations.

Amnesty International has published a comprehensive analysis of the Predator government spyware products.

These technologies used to be the exclusive purview of organizations like the NSA. Now they’re available to every country on the planet—democratic, nondemocratic, authoritarian, whatever—for a price. This is the legacy of not securing the Internet when we could have.

CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. Read more in my article on the Tripwire State of Security blog.