Research & development at the intersection of cyberspace, global security & human rights. Munk School of Global Affairs & Public Policy, University of Toronto
🚨 WE URGE ALL USERS TO UPDATE THEIR KEYBOARD APPS IMMEDIATELY 🚨
🆕 New @citizenlab report finds vulnerabilities in the security of cloud-based #pinyin #keyboard apps from vendors Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi that could be exploited to reveal
🚨🚨WE URGE EVERYONE TO UPDATE THEIR APPLE DEVICES AS SOON AS POSSIBLE.
We have found an actively exploited #zero #click vulnerability that was used to deliver #NSO group’s #Pegasus #spyware.
🚨🚨 BIG : WE URGE ALL USERS TO UPDATE THEIR #Apple devices urgently.
@citizenlab in coordination with @Google’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp.
WhatsApp has just pushed out updates to close a vulnerability. We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer. Now is a great time to update your WhatsApp software
WhatsApp has announced that it discovered attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s call function.
The app is used by 1.5bn people worldwide.
NEW REPORT: Discovery of an extensive espionage campaign in Thailand 🇹🇭 involving the abuse of NSO Group’s #Pegasus spyware
In collaboration with @iLawFX and @DigitalReachSEA
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware.
🚨NEW REPORT: NSO Group’s #Pegasus #Spyware returns in 2022 with a trio of iOS 15 and iOS 16 zero-click exploit chains. The report finds NSO group clients deployed exploits against civil society members including two human rights defenders in #Mexico
NEW REPORT: Bad Traffic: Deep Packet Inspection Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?
packetlogic-devices-deploy-government-spyware-turkey-syria
We have identified over 100 cases of abusive targeting in at least 20 countries that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.
Have you heard about us on @joerogan thx to @Snowden? Check out Security Planner! Gives hints on how to make your online experience more secure: . Also see our friends @EFF's surveillance self-defence guide
“Leaked documents have long indicated that a number of governments are targeting their opponents by surreptitiously injecting spyware into their Internet connections. For the first time ever, we have the proof.” - @billmarczak
While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we found a zero-day zero-click exploit against iMessage. The exploit, called FORCEDENTRY, targets Apple’s image rendering library & was effective against Apple iOS, MacOS & WatchOS devices.
While ostensibly sold to thwart terrorism, commercial spyware is habitually abused and used to target journalists. “What we have found is that companies either are unwilling or unable to control how their government clients use it.” - @RonDeibert
The deployment of NSO Group’s Pegasus spyware is, unfortunately, not new. Since 2016, the Citizen Lab + others have documented the abuse of this government-exclusive technology. To help keep track of these developing issues, we've created a living thread for all of our reports🧵
In the two years since heightened calls for democracy in Hong Kong began, thousands of images have been censored on Chinese social media. From calls for international support to memes, no image of the movement is off limits.
Recently, NSO Group extended an invitation to meet and discuss our concerns about their ongoing spyware abuse in more detail. We do not believe this invitation is made in good faith and have declined. Here’s why:
This report examines encryption in the popular Zoom app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses & we identify potential areas of concern in Zoom’s infrastructure, including the transmission of encryption keys through China.
Our latest research is a story of secret hacking capabilities, how a government used them, and the threat they pose to fundamental rights and democracy.
NEW REPORT: SWEET QUADREAMS: A first look at #spyware vendor QuaDream’s spy tools, victims and customers.
We identified traces of a suspected exploit deployed against iOS versions 14.4 and 14.4.2 and possibly other versions as a zero-day vulnerability.
🚨🚨➡️ NEW REPORT OUT > Imagine if someone read everything you type online. Our new report- “Please do not make it public”, analyzes Tencent's #Sogou Input Method, the most popular input app in #China has serious vulnerabilities in the encryption system.
🚨🆕 REPORT- "PAPERWALL": #Chinese websites posing as local news outlets target global audiences with pro-Beijing content. Over 30 countries, we discover a network of #disinformation and attacks masquerading as local news outlets, in local language.
Very excited to launch @SecPlanner: advice from the world's leading experts in digital safety. Answer a short survey about your devices and online habits, and we recommend easy and accessible steps you can take to instantly improve your digital security
While Pegasus dominates headlines, it's not alone.
"What is truly daunting to contemplate...is that NSO Group is but one among many companies in a growing marketplace for this type of surveillance technology." - @RonDeibert
The Citizen Lab is not conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities.
"Now, after months of investigation, we can say who was behind this attack. Today, we have filed a complaint in federal court that explains what happened and attributes the intrusion to an Israeli technology company called NSO Group."
A network eavesdropper can completely reveal keystrokes for apps we tested. This puts up to a billion people who use these input methods at risk, including people who live in #China and diaspora users across the world, and others.
We urge all users of Sogou, Baidu, and iFlytek
Our #CatalanGate report reveals the largest number of confirmed spyware victims and targets in a single case, including *every Catalan president since 2010*
What does social engineering look like? Posing as a @nytimes journalist and repeatedly asking for feedback on news articles related to your work, hoping that you'll click on malicious links.
Ending the year with amazing news. Our Director @RonDeibert has been appointed to this year’s Order of Canada🇨🇦. He says, “it’s no secret that I’ve been critical of our lack of accountability around law enforcement but that doesn’t mean I’m not patriotic”.
Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases.
Read @NYTBen's account of our investigation of how we discovered his phone was hacked with Pegasus @nytimes: I Was Hacked. The Spyware Used Against Me Makes Us All Vulnerable.
If you study #disinformation, you should bookmark the annotated bibliography assembled by @gabriellelim: it gives readers a foundational understanding of the immense amount of work that has been done on digital disinformation and where future research may be heading.
NEW: Two journalists & human rights defenders devices hacked w Pegasus spyware 🇲🇽
Read report by @R3Dmx
Citizen Lab provided technical validation details
NEW: Read statement by director @rondeibert on the fatal flaws found by senior researcher @billmarczak in a defunct CIA covert communications system.
We are not publishing the full findings at this time pending responsible disclosure process...
New report: A zero-click vulnerability in the iMessage app was used to hack the phones of 36 people at @AlJazeera using NSO's software. We believe (with medium confidence) that the United Arab Emirates and Saudi Arabia are behind it.
According to @lotus_ruan and @gabriellelim, fears of Chinese disinformation are often exaggerated by overblown assessments of the effects of China’s propaganda campaigns.
In other words: evidence of activity is not the same as evidence of impact.
The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”
🚀 EXCITING JOB OPPORTUNITY 📢 We @citizenlab are hiring a Research Assistant.
If you are passionate about research and human rights, this could be for you.
⏰ Application deadline: September 30, 2023
👉 Application details:
#researchjobs
To highlight this, we've created a history of the protests and a Lennon Wall: an interactive mosaic of these thousands of censored images, showing just how expansive this system of repression is.
We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.
Starting Nov. 9th, @RonDeibert will deliver this year's Massey Lectures on @cbcideas. Each of the six episodes will highlight a distinct concept in his new book, from the spread of authoritarian practices to the environmental impacts of social media.
We identified evidence of HOMAGE, a previously-undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.
Spyware is huge threat to global human rights & democracy, like "a wiretap on steroids," @RonDeibert @citizenlab director to testify today before the 🇨🇦 House of Commons on RCMP use of spyware, 3pm ET, urging greater oversight & accountability
JOB POSTING: Interested in the technical, legal, and/or policy aspects of censorship and surveillance? Apply to work with the Citizen Lab as part of the @OpenTechFund Information Controls Fellowship! Deadline: June 30
In light of two recent attempts to compromise our work at the Citizen Lab, @RonDeibert discusses the tactics used and how such deceitful attacks on an academic group like the Citizen Lab are an attack on academic freedom everywhere
Today at 10:00 am EST, @jsrailton will be testifying before the U.S. @HouseIntel Committee. He'll be addressing the increasing harms of mercenary spyware companies and the torrent of human rights abuses they support.
Watch live:
The murder of Jamal Khashoggi is directly linked to spyware meant to target criminals, demonstrating an abuse of power in a market without consequence. And in the absence of any meaningful action, this won't be the last lethal use of such technology.
June 4, 1989: Chinese military carries out a brutal crackdown on demonstrations calling for democratic reform, leading to deaths estimated to be between hundreds & thousands. This remains one of the most censored topics on the Internet in China. #6431truth