Apple sues ‘abusive’ iPhone spyware firm | Information Age

Apple is suing an “abusive” Israeli software firm whose spyware has been used by numerous totalitarian governments to spy on journalists, human rights activists, and other persons of interest.

The technology giant this month filed a lawsuit against Tel Aviv firm NSO Group and its parent company, Q Cyber Technologies, seeking damages and a permanent ban preventing the group from using any Apple software, services, or devices.

As part of its campaign against NSO, Apple will fund and provide technical support for anti-surveillance technology groups.

NSO’s use of FORCEDENTRY – a now-fixed vulnerability that can bypass security controls in Apple’s iOS operating system – enabled it to install Pegasus spyware on targeted iPhones without the victim’s knowledge.

Once installed, Pegasus monitors iPhone activity and communications over iMessage, FaceTime, and third-party software like Facebook and WhatsApp.

It is putatively designed to support law-enforcement agencies and the company claims to “hold ourselves to the highest standards for ethical businesses”, but its historical sales to governments such as Bahrain, Panama, Dubai, and Saudi Arabia – which used it to surveil Washington Post journalist Jamal Khashoggi before he was murdered – have drawn widespread condemnation.

In July, a major multinational investigation, called the Pegasus Project, united 16 media outlets to investigate NSO Group and found a list of 50,000 journalists and politicians targeted by its clients.

More recently, Pegasus was found on the devices of six Palestinian human-rights activists.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” said Apple senior vice president of software engineering Craig Federighi in announcing the lawsuit, which also seeks damages for “flagrant violations of US federal and state law”.

“Private companies developing state-sponsored spyware have become even more dangerous,” Federighi said, lauding the efforts of security researchers at the University of Toronto’s Citizen Lab – who discovered that the ‘zero-click’ Pegasus malware can be…

Cybercrims trick Microsoft into certifying malware | Information Age

Cybercriminals have manipulated a Microsoft security mechanism to bypass Windows security controls, security researchers have said in publishing details of malware that has targeted gamers with credential theft for more than a year.

Named FiveSys by the Bitdefender researchers who discovered it, the new rootkit – malicious software designed to give cybercriminals ‘root’ access with unlimited control of a targeted computer – quietly redirects traffic to specific Internet addresses related to online gaming, allowing its operators to monitor the activities of targeted users.

The code successfully masked its true functionality well enough that it went undetected by Microsoft’s Windows Hardware Quality Lab (WHQL) quality-assurance process, which requires product developers to test device drivers for compatibility using the Windows Hardware Lab Kit (HLK).

Logs from this testing are then submitted to Microsoft’s Windows Quality Online Services (WQOS), which confirms the software is suitable for use on Windows.

WQOS creates a unique digital signature that enables certified drivers to be installed on a Windows computer using the official Windows Update program – which lends a degree of confidence for end users.

“Digital signatures are a way of establishing trust,” an analysis by Bitdefender’s DracoTeam says, noting that the issuing of a valid certificate “helps the attacker navigate around the operating system’s restrictions on loading third-party modules.”

“Once loaded, the rootkit allows its creators to gain virtually unlimited privileges.”

The use of fraudulently acquired digital signatures isn’t new, but previous attacks usually relied on cybercriminals stealing a third party’s digital certificate and attaching it to their own code to slip under the operating system’s security radar.

Because digital certificates are tied to their original owner, whose details are displayed when the software is being installed, malware signed in this way would be an obvious fake if scrutinised.

However, when FiveSys was being installed, Windows would tell end users that the application was signed by Microsoft – seeming for all intents and purposes to be…