Showing posts with label spyware.

Tuesday, September 14, 2021

Alert: Apple iOS 14.8 Security Update Spikes Spyware Flaw

 Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. 

The fix, earlier reported by The New York Times, stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. more

Tuesday, July 27, 2021

Pegasus v. iPhone Update - iOS 14.7.1 Plugs the Loophole

Apple has reportedly fixed the vulnerability in iOS 14.7.1. The security notes don’t specifically mention Pegasus, but they refer to “a memory corruption issue” that “may have been actively exploited.” more

Friday, July 23, 2021

Pegasus Spyware Update: How to Check Your iPhone

If you’re concerned about recent reports of the Pegasus spyware reportedly installed by the Israeli NSO Group to hack journalists and world leaders, there’s a tool to check if it’s hidden on your iPhone. But you probably have nothing to worry about...

But if you’re concerned, there’s a way to test whether your iPhone has been targeted. It’s not an easy test, mind you, but if you’re using a Mac or Linux PC and have backed up your iPhone using it, Amnesty International’s Mobile Verification Toolkit will be able to detect whether your phone has the Pegasus spyware installed on it. The tool, which TechCrunch tested, works using the macOS Terminal app and searches your latest iPhone backup on your Mac, and “is not a refined and polished user experience and requires some basic knowledge of how to navigate the terminal.” You’ll need to install libusb as well as Python 3 using Homebrew. TechCrunch says the check only takes “about a minute or two to run” once it’s been set up. more

Monday, July 19, 2021

Pegasus Spyware Back in the News

Washington Post... NSO Group’s Pegasus spyware, licensed to governments around the globe, can infect phones without a click... Military-grade spyware licensed by an Israeli firm to governments for tracking terrorists and criminals was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and two women close to murdered Saudi journalist Jamal Khashoggi, according to an investigation by The Washington Post and 16 media partners. more

India Today... Pegasus spying: how Pegasus is installed on phone, what it does, and how to get rid of it...

  • Pegasus can be installed on vulnerable phones through a web link or a missed call.
  • The spyware can steal passwords, contacts, text messages, and photos.
  • The only way to avoid Pegasus after it has infected a phone is by getting rid of the phone.

Pegasus, developed by Israeli cybersecurity firm NSO Group, is a highly sophisticated spyware that has been referred to as the "most sophisticated smartphone attack ever". It was first noticed in 2016 but created a lot of buzz in late 2019 when it was revealed that the spyware was used for snooping on journalists and human rights activists across the globe, including in India. more

Tech Xplore... Pegasus spyware: how does it work?

More recent versions of Pegasus, developed by the Israeli firm the NSO Group, have exploited weak spots in software commonly installed on mobiles.

In 2019 the messaging service WhatsApp sued NSO, saying it used one of these so-called "zero-day vulnerabilities" in its operating system to install the spyware on some 1,400 phones.

By simply calling the target through WhatsApp, Pegasus could secretly download itself onto their phone—even if they never answered the call.

More recently, Pegasus is reported to have exploited weaknesses in Apple's iMessage software.

That would potentially give it access to the one billion Apple iPhones currently in use—all without the owners needing to even click a button. more

Thursday, February 11, 2021

Spyware in Wallpaper, Restaurant and Games Apps

Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents, according to a leading cyber-security company.

The efforts were directed against individuals in Iran and 12 other countries, including the UK and US, Check Point said.

It said the two groups involved were using new techniques to install spyware on targets' PCs and mobile devices.

And this was then being used to steal call recordings and media files.

One of the groups, known as Domestic Kitten or APT-50, is accused of tricking people into downloading malicious software on to mobile phones by a variety of means including:

  • repackaging an existing version of an authentic video game found on the Google Play store
  • mimicking an app for a restaurant in Tehran
  • offering a fake mobile-security app
  • providing a compromised app that publishes articles from a local news agency
  • supplying an infected wallpaper app containing pro-Islamic State imagery
  • masquerading as an Android application store to download further software more

Wednesday, September 16, 2020

Two FREE Security Book Offers for Potential Clients

Free books are a great way to get to know who you are dealing with, before you decide to deal with them!

---

While international travel has come to a screeching halt due to COVID-19, the threat of economic and industrial espionage continues to proliferate. 

In fact, due to the global pandemic, intellectual property (IP) and business intelligence (BI) is more valuable than ever to foreign governments and business competitors, looking to gain an economic advantage in the marketplace. 

Among Enemies: Counter-Espionage for the Business Traveler, by Luke Bencie, is a valuable textbook. It should be read by "corporate executives, defense contractors, lawyers, academics, military personnel, diplomats and virtually anyone else who travels with important information, how to protect themselves and their interests."

It has a 4.4 out of 5 star rating on Amazon, and 25 excellent reviews. You may purchase a copy there. Visit Luke's website (smiconsultancy.com/) first. If his services can help your organization, request a complimentary copy.

---

This informative bundle should also be on every security director's desk...

Is My Cell Phone Bugged?: Everything You Need to Know to Keep Your Mobile Conversations Private (Coincidentally, this book also has a 4.4 out of 5 star rating on Amazon, and 25 excellent reviews.)

The Security Director's Guide to Discussing TSCM with Management

Both are available to Murray Associates potential clients. Complimentary. No obligation. No follow-up sales call unless you request it.

Visit counterespionage.com to learn how to detect and deter electronic surveillance and corporate espionage. Click here to request your complimentary bundle.

Accurate knowledge is the first step in protecting your privacy and valuable information. Contact us through our websites, today.  (offer expires 10/31/2020)

Wednesday, May 20, 2020

Alliance Trust Savings Censured After Whistleblower’s ‘Spying’ Concerns

A Dundee-based financial firm has been censured by the Information Commissioner over the use of a mobile app which allowed it to access an “excessive amount” of employees’ sensitive personal data...

Alex Forootan, 36, began investigating after receiving an unexpected text message from Microsoft saying someone had attempted to access his email account.

Mr Forootan worked as a database administrator at ATS’s Dundee headquarters between October 2017 and October last year and is set to take the company to an employment tribunal next month.

He recently rejected a £10,000 pay out from ATS over the issue, citing concerns about his ability to raise it to public attention should he accept. more

Wednesday, April 29, 2020

Spies Keep Sneaking Malware Into Google Play

Google's Play Store for Android apps has never had a reputation for the strictest protections from malware. Shady adware and even banking trojans have managed over the years to repeatedly defy Google's security checks.

Now security researchers have found what appears to be a more rare form of Android abuse: state-sponsored spies who repeatedly slipped their targeted hacking tools into the Play Store and onto victims' phones.

At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store...

Once Kaspersky had identified the PhantomLance apps, its researchers were able to match their code with older malware used by OceanLotus, which has been active since at least 2013. more

Sunday, April 19, 2020

Managers: Don’t Rush to Workplace Spyware during Pandemic

A Rutgers organizational psychologist explains ramifications of putting spy software in place.

With millions of employees working remotely due to the coronavirus pandemic, managers—likely new to virtual management—are scrambling to find the best ways to oversee them online.

Computer performance monitoring may interest those looking for “an extra set of eyes,” but workplace surveillance is not that simple, according to John Aiello, an expert in organizational psychology at Rutgers School of Arts and Sciences. “While spy software may relieve the manager’s anxieties, organizations will see an increase in stress on employees and it could decrease productivity,” said Aiello, who has researched the electronic monitoring of workers over the last three decades.

Topics addressed...
How does monitoring software affect productivity?
How does implementing this surveillance affect managers?
Can electronic monitoring be used for “the greater good?”
If employers are thinking about implementing this surveillance, what might be done first? 
more

Friday, April 3, 2020

Facebook Tried to Buy Controversial Tool to Spy on iPhone Users, Court Filing Reveals

Over the last few years, Facebook has had a slew of privacy and security blunders and more details about one of them have come to light through a new court filing as the social media company is suing the spyware company NSO Group. It turns out Facebook tried to buy controversial government spyware to monitor iPhone and iPad users.

Reported by Motherboard, when Facebook was starting to build its spyware cloaked in a VPN product, Onavo Protect for iOS and Android, the social media company reached out to the controversial company NSO Group that creates spyware for government agencies...

Apple made Facebook remove Onavo Protect from the App Store in August of 2018.

Then in 2019 Facebook repackaged it as a “Research app” and tried to pay teens to sideload it on their devices.

The Research app was shut down as well and Facebook finally shut down Onavo completely in February 2019. more

Monday, February 3, 2020

How to Turn a Tesla Into a Surveillance Station

Truman Kain, senior information security analyst at Tevora, has developed a new device called the Surveillance Detection Scout. As Wired describes it, the DIY computer plugs into the dashboard USB port of a Tesla Model S, 3 or X and uses the car’s built-in cameras to read license plates and faces to alert the driver if someone is following them.

“It turns your Tesla into an AI-powered surveillance station,” Kain told the magazine. “It’s meant to be another set of eyes, to help out and tell you it’s seen a license plate following you over multiple days, or even multiple turns of a single trip.” more

Wednesday, October 30, 2019

Kettle Gets Called Black... or, Who's Zoomin' Who

Facebook launched a new front in the battle over encryption yesterday by suing the Israeli spyware firm NSO Group for allegedly hacking WhatsApp, its encrypted messaging service, and helping government customers snoop on about 1,400 victims...


The lawsuit marks the first time a messaging service has sued a spyware company for undermining its encryption and it could prompt a slew of suits against companies that have developed encryption workarounds bolstering governments' ability to spy on their citizens. more

Friday, October 25, 2019

Raccoon Steals Data for $200 per Month - Cute

A new kind of easy to use trojan malware is gaining popularity among cyber criminals, providing them with simple means of stealing credit card data, passwords and cryptocurrency -- and it has already infected hundreds of thousands of Windows users around the world.

Raccoon Stealer first appeared in April this year and has quickly risen to become one of the most talked-about malware services in underground forums.

Researchers at Cybereason have been monitoring Raccoon since it first emerged, and note that while not sophisticated, it is aggressively marketed to potential criminal users, providing them with an easy-to-use back end, along with bulletproof hosting and 24/7 support -- all for $200 a month. more

Tuesday, July 9, 2019

More Than 1,000 Android Apps Spy... even when you deny permission!

Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don't want a flashlight app to be able to read through your call logs, you should be able to deny that access.

But... even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back...

Google said it would be addressing the issues in Android Q, which is expected to release this year.  more

Friday, April 5, 2019

Pre-Installed Anti Malware Phone App Does More Harm Than Good

Researchers have discovered multiple vulnerabilities in a pre-installed app on phones made by one of the world’s biggest smartphone vendors that potentially impacted the privacy and security of more than 150 million Android users worldwide.

According to security researchers at Check Point Research, the vulnerabilities were found in an app pre-installed on smartphones made by Xiaomi, the biggest mobile phone manufacturer in China and India, and the fourth biggest by market share in the world.

The app in question was a self-proclaimed security app dubbed “Guard Provider,” which promised to protect Xiaomi users from malware.

Xiaomi said last year it had originally hoped to offer its smartphones and other hardware here in the States in 2019, though those efforts may have been delayed for PR reasons... more

Whew!

Thursday, April 4, 2019

The War Against Smartphone Spyware is On

Eva Galperin says she's learned the signs: the survivors of domestic abuse who come to her describing how their tormentors seem to know everyone they've called, texted, and even what they discussed in their most private conversations...

Galperin has a plan to end that scourge for good—or at least take a serious bite out of the industry.

In a talk she is scheduled to give next week at the Kaspersky Security Analyst Summit in Singapore, Galperin will lay out a list of demands:
  • First, she's calling on the antivirus industry to finally take the threat of stalkerware seriously, after years of negligence and inaction. 
  • She'll also ask Apple to take measures to protect iPhone users from stalkerware, given that the company doesn't allow antivirus apps into its App Store. 
  • Finally, and perhaps most drastically, she says she'll call on state and federal officials to use their prosecutorial powers to indict executives of stalkerware-selling companies on hacking charges.
"It would be nice to see some of these companies shut down," she says. "It would be nice to see some people go to jail." more

Check here if you need a solution for checking your Android phone for spyware.

Wednesday, March 20, 2019

Security Director Alert: Mirai Botnet Targets Corporate Presentation Systems

A new variant of the crushing Mirai botnet, which specifically places enterprises in its crosshairs, has been discovered by security researchers...

Mirai is still a botnet designed to exploit IoT devices, but in its latest iteration it seeks out vulnerable business devices - specifically, wireless presentation systems and the TVs used to present to rooms full of clients, partners and colleagues. 

"This new Mirai is a perfect example of why every organisation needs to map their own networks from an external point of view and close off everything that is open and does not need to be," said Jamo Niemela, principal researcher at F-secure. "The types of new devices that Mirai attacks have no business of being visible to the Internet."

The WePresent WiPG-1000 wireless presentation system and the LG Supersign TV were the two devices singled-out by researchers as most vulnerable to the attack. more

In addition to checking for electronic eavesdropping devices and general information security loopholes, make sure your TSCM technicians examine IoT device settings.

Tuesday, January 8, 2019

Judge Nails Husband for Spyware and Eavesdropping on Wife's Calls ...with her attorney ...twice!

A federal judge has levied sanctions on a tobacco heiress’ estranged husband for destroying evidence related to spyware that he secretly installed on his wife’s phone and used to listen in on her calls, including conversations she had with her attorney. 

It was the second time that a judge has hit Crocker Coulson, who is locked in a bitter divorce with Anne Resnik in state court, with spoliation sanctions for destroying evidence of bugging Resnik’s phone. more

Last year...
A man locked in bitter divorce proceedings with a tobacco heiress was caught bugging his wife’s phone and listening in to her conversations with her attorney, an infraction that a Brooklyn judge said should cost him any claim on the family’s wealth. more

Monday, December 24, 2018

Infographic - Check Your Phone for Spies

There is a lot which can be done to check your phone for spyware. 
Everything from following instructions in a book to a full forensic inspection.

In the meantime, you can start with this...

You can find a slightly larger version here.

Thursday, December 13, 2018

Your Mobile Device Could Spill Its Guts (and worse) Get You Arrested

Last year, over 29,000 travelers had their devices searched at the US border.

A new report by the Department of Homeland Security’s internal watchdog has concluded that the agency does not always adequately delete data seized as part of a border search of electronic devices, among other concerns.

According to a new 24-page document released Tuesday by DHS’ Office of Inspector General, investigators found that some USB sticks, containing data copied from electronic devices searched at the border, "had not been deleted after the searches were completed."...

Federal authorities do not need a warrant to examine a phone or a computer seized at the border. They rely on what’s known as the "border doctrine"—the legal idea that warrants are not required to conduct a search at the border. This legal theory has been generally recognized by courts... more

Spybuster Tip #841: Device searches occur (even more often) when entering (or leaving) certain foreign countries. If you need to take your mobile device on a trip you should consider doing a data extraction on your device, before you leave... and before they do it for you.
  1. To be sure you are not carrying data that you can't afford to lose.
  2. To be sure you are not carrying contraband data (porn, propaganda, etc.).
    Remember, even erased data can be exhumed by them.
  3. To document the actual data you are taking—to counter false accusations.
Learn more here. Upon returning, a spyware detection inspection is also recommended.