Posts Tagged ‘Citizen Lab’

Commercial spyware out of control and becoming threat to human rights defenders

December 6, 2017

Read the rest of this entry »

Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt

August 29, 2016

Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple has immediately issued a security update to address the vulnerabilities. [For those with Iphones/Ipads, you may want to update your IOS software to 9.3.5!]


Ahmed MansoorImage copyrightAP – human rights defender Ahmed Mansoor

The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.

Text message
The spyware would have been installed if Mansoor had tapped on the links. Image copyright CITIZENLAB

For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/

Sources:

http://www.bbc.com/news/technology-37185544

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/  (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)

http://www.dailymail.co.uk/sciencetech/article-3758671/Apple-boosts-iPhone-security-Mideast-spyware-discovery.html

Bahaa Nasr teaches cyber security to Syrian opposition against their digital enemies

February 10, 2015

Forbes of 2 February 2015 carries an interesting piece by Thomas Fox-Brewster about Bahaa Nasr, a man who “Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies“.

After a description of recent attacks on opposition forces of the Syrian regime, the article – which does not distinguish a lot between human rights defenders and armed opposition – states that those under attack are in need of better cyber awareness. “That’s where Bahaa Nasr comes in. He runs Cyber Arabs, which provides digital security training not only for Syrians but for activists, human rights defenders and journalists across the Arab world.

Bahaa Nasr of Cyber Arabs - AP Photo/Bilal Hussein

Syria, of course, has been a strong focus of our work in the past years due to the multitude of risks CSO [civil society organization) activists are facing there. While originally the main threat came from the regime and from groups like the SEA, now there is more and more concern about extremist groups like ISIS also resorting to cyber attacks,” he tells me over encrypted email.

He notes one of the most common techniques is social engineering, as the opposition has come to realise. But there are also targeted malware attacks, such as those allegedly launched by ISIS.

Then there are cruder methods at play in Syria’s information war. “Checkpoints are also a problem in many places where they often confiscate computers and mobile phones and thus gain access to data and accounts and new entry points for social engineering attacks,” Nasr adds.

He claims Cyber Arabs has helped around 500 activists, journalists, human rights defenders and citizen journalists from 17 Arab countries. At least 200 were from Syria. Training takes place in person and online, covering general digital hygiene: recognising and avoiding phishing attacks or social engineering attempts, good password practices, learning about different kinds of malware and how to improve the security of social media accounts. Cyber Arabs also teaches use of tools tailored for people’s needs, including secure email and instant messaging, and encryption. There’s an Android app to help stay up to date on the latest threats in the region too.

Nasr has been working closely with a range of influential groups, including Citizen Lab, a research collective based in Toronto, which focuses on digital attacks on activists. John Scott Railton, a member of Citizen Lab, described Cyber Arabs’ work as simply “amazing”. With such help available to Syrians, it’s hoped they won’t suffer from smart online offensives on their systems as they try to bring an end to a horrific, protracted war.”

This Man Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies.