The surveillance-as-a-service industry needs to be stepped up

Here we are again: another example of government surveillance related to smartphones from Apple and Google has emerged, and shows how sophisticated government – backed attacks can be and why there are good reasons to keep mobile platforms completely locked.

What happened?

I do not intend to focus too much on the news, but in brief it is as follows:

  • Google Threat Analysis Group published information exposing the hack.
  • The attack was created by Italian surveillance firm RCS Labs.
  • The attack was used in Italy and Kazakhstan, and possibly elsewhere.
  • Some generations of the attack get the help of ISPs.
  • On iOS, attackers misused Apple’s enterprise certification tools that enable in – house app deployment.
  • Approximately nine different attacks were used.

The attack works like this: A unique link is sent to the target that aims to lure them in to download and install a malicious app. In some cases, the spooks worked with an ISP to disable data connectivity to entice targets to download the app to retrieve that link.

The zero day episodes used in these attacks were fixed by Apple. It was previously warned that actors are bad abuse its systems that allow businesses to distribute apps internally. The revelation is related to recent news from Lookout Labs regarding an enterprise – grade Android spy called Hermit.

What’s at risk?

The problem here is that surveillance technologies like this have been commercialized. It means that capabilities that have historically only been available to governments are also being used by private contractors. And that is a risk, because very secret tools could be exposed, exploited, back-engineered and misused.

Mar Google said: “Our findings highlight the extent to which commercial surveillance vendors have increased capabilities that have historically only been used by governments with the technical expertise to develop and operate labor. This makes the Internet less secure and jeopardizes the confidence that users rely on. ”

Copyright © 2022 IDG Communications, Inc.

The surveillance-as-a-service industry needs to be stepped up

Source link The surveillance-as-a-service industry needs to be stepped up

Back to top button