“Without intense engineering focus, we believe that they will continue to be heavily targeted, and successfully exploited. “As presently engineered, many chat apps have become an irresistible soft target,” the researchers wrote. The researchers also underlined the need to secure messaging apps, which have increasingly been seen as an easy target for malicious actors online. “Selling technology to governments that will use the technology recklessly in violation of international human rights law ultimately facilitates discovery of the spyware by investigatory watchdog organizations, as we and others have shown on multiple prior occasions, and as was the case again here,” they added. “Despite promising their customers the utmost secrecy and confidentiality, NSO Group’s business model contains the seeds of their ongoing unmasking,” the researchers wrote in a blog post. Microsoft announced in July that it had disrupted the use of what it described as “cyberweapons” manufactured and sold by an “Israel-based private sector offensive actor” to target victims worldwide including journalists and human rights activists.Ĭitizen Lab published a separate report in July in conjunction with Microsoft’s actions labeling the organization as “Candiru” and noting that the group’s spyware products had likely been sold in recent years to the governments of Uzbekistan, Qatar, Saudi Arabia, the United Arab Emirates and Singapore to monitor targets.Ĭitizen Lab researchers emphasized Monday that organizations such as NSO Group were helping facilitate “despotism-as-a-service” through selling their products to governments. Spyware has increasingly become a concern beyond NSO Group.
Microsoft filed an amicus brief in support of the case last year. WhatsApp accused NSO Group in 2019 of allowing its spyware to be used by governments to target high-ranking officials. citizens and organizations along with foreign governments. Reuters reported last year that the FBI was investigating the use of NSO Group spyware in potential hacking operations against U.S. This is far from the first time that products from NSO Group, and the company itself, have come under fire for allegations of human rights and privacy abuses. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” Krstić added.Ī spokesperson for NSO Group told The Hill in a statement Monday that “NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime” but did not comment directly on the Citizen Lab report. “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
“We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly,” Krstić said. Apple Issues Emergency Security Updates to Close a Spyware Flaw Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as. All rights reserved.Ivan Krstić, head of Security Engineering and Architecture at Apple, told The Hill in a statement Monday that Apple had “rapidly developed” the security updates after identifying the vulnerability. The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.Ĭopyright 2022 The Associated Press. Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. NSO Group has been blacklisted by the U.S. In all cases, it cited an anonymous researcher.Ĭommercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time. Apple did not say in the reports how, where or by whom the vulnerabilities were discovered.
0 kommentar(er)
