Group items tagged

"Spyware apps were foisted on students at the height of the Covid-19 lockdowns. Today, long after most students have returned to in-person learning, those apps are still proliferating, and enabling an ever-expanding range of human rights abuses. In a recent Center for Democracy and Technology report, 81 percent of teachers said their schools use some form of this "student monitoring" spyware. Yet many of the spyware companies supplying these apps seem neither prepared nor concerned about the harms they are inflicting on students. "

"Researchers at the Citizen Lab at the University of Toronto's Munk School said the spyware, which is made by an Israeli company called QuaDream, infected some victims' phones by sending an iCloud calendar invitation to mobile users from operators of the spyware, who are likely to be government clients. Victims were not notified of the calendar invitations because they were sent for events logged in the past, making them invisible to the targets of the hacking. Such attacks are known as "zero-click" because users of the mobile phone do not have to click on any malicious link or take any action in order to be infected."

"In Mexico, government-exclusive spyware technology is being used to target journalists, human rights defenders, anti-corruption advocates, and international investigators. Luis Fernando Garcia, Director of R3D, explains how technology meant to track terrorists is being turned against activists"

"Spyware sold by an Israeli private intelligence firm was allegedly used to hack the phones of dozens of Al Jazeera journalists in an unprecedented cyber-attack that is likely to have been ordered by Saudi Arabia and the United Arab Emirates, according to leading researchers."

"The disclosure points to a problem security researchers have been warning about for years: that despite its reputation for building what is seen by millions of customers as a secure product, some believe Apple's closed culture and fear of negative press have harmed its ability to provide security for those targeted by governments and criminals. "Apple's self-assured hubris is just unparalleled," said Patrick Wardle, a former NSA employee and founder of the Mac security developer Objective-See. "They basically believe that their way is the best way. And to be fair … the iPhone has had incredible success. "But you talk to any external security researcher, they're probably not going to have a lot of great things to say about Apple. Whereas if you talk to security researchers in dealing with, say, Microsoft, they've said: 'We're gonna put our ego aside, and ultimately realise that the security researchers are reporting vulnerabilities that at the end of the day are benefiting our users, because we're able to patch them.' I don't think Apple has that same mindset.""

"These capabilities can afford dramatic powers and control over an individual's everyday life. And when this software is used abusively, it can operate as a predator in a person's pocket, magnifying the pervasive surveillance of the spyware operator."

"WhatsApp announced last year that 1,400 of its users were attacked with the malware, which is made by Israel's NSO Group, over a two-week period last April."

"Cybersecurity researchers say the My2022 mobile app - the official app of the Beijing Winter Olympics - has serious security vulnerabilities and that "all Olympian audio is being collected, analyzed and saved on Chinese servers." Why This Matters: The Chinese government is mandating all Olympic athletes, coaches, and attendees use the My2022 app and, as of Thursday morning, the app is still available in the Apple and Android U.S. app stores where Americans can download it too."

"But TURBINE, which was carried out with other "Five Eyes" spy agencies as part of the NSA's $67.6M "Owning the Net" plan, is intended to automate the infection process, allowing for "millions" of infections at once. "

""Mexico's capacity to spy on its citizens is immense. [And] it's extremely easy for the technology and the information obtained through the spyware to fall into private hands - be it organised crime or commercial," said Jorge Rebolledo, a Mexico City security consultant. "What we know about is only the tip of the iceberg." Andrés Manuel López Obrador Andrés Manuel López Obrador. The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as belonging to people of interest by government clients of NSO Group."

"Countries around the world are deploying technologies-like digital IDs, facial recognition systems, GPS devices, and spyware-that are meant to improve governance and reduce crime. But there has been little evidence to back these claims, all while introducing a high risk of exclusion, bias, misidentification, and privacy violations. It's important to note that these impacts are not equal. They fall disproportionately on religious, ethnic, and sexual minorities, migrants and refugees, as well as human rights activists and political dissidents."

"In cases where Chrome Enhanced Spellcheck or Edge's Microsoft Editor (spellchecker) were enabled, "basically anything" entered in form fields of these browsers was transmitted to Google and Microsoft. "Furthermore, if you click on 'show password,' the enhanced spellcheck even sends your password, essentially Spell-Jacking your data," explains otto-js in a blog post."