Nso Group - NEWS POLITE

iPhone Lockdown Mode: Proof of Concept Website Can Detect if It is Enabled on Your Phone

iPhone Lockdown Mode was announced by Apple as a way to help people who face grave, targeted threats to their digital security. Apple calls this an extreme but optional protection for a small number of users, including journalists, politicians, and for human rights advocates, who are in the crosshairs of state-sponsored spyware, like Pegasus, which was developed by Israel-based NSO group. However, it looks like that a simple, proof of concept website can detect whether you have the mode enabled and may potentially make you a target.

As per a report by Motherboard, a proof of concept website developed by John Ozbay, who is a privacy activist and the CEO of privacy focused company Cryptee, can instantaneously detect whether you are using the Lockdown Mode on your iPhone or not.

Apple developed this feature to add a new layer of protection after at least two Israeli firms exploited flaws in Apple’s software to remotely break into iPhones without the target needing to click or tap anything. Pegasus software by NSO Group can carry out such attacks by injecting malware and accessing private user data. Once Lockdown Mode is enabled, it will not function as it typically does. Apps, websites, and features will be strictly limited for security, and some experiences will be completely unavailable.

“Let’s say you’re in China, and you’re using Lockdown Mode. Now, any website that you visit could effectively detect you are using Lockdown Mode, they have your IP address as well. So, they will actually be able to identify that the user with this IP address is using Lockdown Mode. It’s a tradeoff between security and privacy. [Apple] chose security,” Ozbay was quoted as saying. Ozbay says that among the various features that Lockdown Mode disables, the lack of loading custom fonts is “the easiest thing to detect and exploit.”

“It took us five minutes to put the code together and see if this was working,” he told Motherboard. The privacy activist also says that this issue is technically not a bug but a specific drawback of how Lockdown Mode is designed and there may be no way around it. He says that there is only one way Apple can mitigate this issue and that is by fundamentally changing how the Lockdown Mode works.

Apple claims that Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defences and strictly limits certain functionalities. iOS 16 is likely to be released next month and iPadOS may debut in October.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

DC Films Eyes Lego Franchise Producer Dan Lin as New Head, in the Vein of MCU’s Kevin Feige: Report

Check out our Latest News and Follow us at Facebook

Original Source

Apple Reveals Serious Security Flaws Affecting iPhone, iPad, Mac Models; Experts Urge Users to Update Devices

Apple disclosed serious security vulnerabilities for iPhone, iPad and Mac models that could potentially allow attackers to take complete control of these devices. Apple released two security reports about the issue on Wednesday, although they didn’t receive wide attention outside of tech publications. Apple’s explanation of the vulnerability means a hacker could get “full admin access” to the device. That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.

Security experts have advised users to update affected devices — the iPhone 6s and later models; several models of the iPad, including the 5th generation iPad and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPod models.

Apple did not say in the first or second report how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.

Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.

NSO Group has been blacklisted by the US Commerce Department. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.

Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.

Check out our Latest News and Follow us at Facebook

Original Source

Thai Minister Backtracks on Spyware Admission as Government Denies Pegasus Use

A Thai minister on Friday sought to walk back remarks before parliament that authorities had used spyware to monitor individuals, taking a U-turn on his admission just days earlier that surveillance software was actively being used.

Under questioning on Tuesday from opposition lawmakers alleging use of Israeli-made Pegasus spyware, Digital Economy and Society Minister Chaiwut Thanakamanusorn said he was aware surveillance software was being used, for national security and drug-related cases.

But in an about-face on the final day of the debate, Chaiwut said his comments were general observations not specifically about Thailand.

“I said I knew of the system that is used on security and drug (suppression) but I did not say that it existed in the Thai government,” Chaiwut told parliament of Friday.

Thai authorities have come under pressure following a joint investigation by a Thai human rights group and two international tech firms that concluded Pegasus was used to hack phones of at least 30 Thai political activists and government critics, going back to 2014.

Pegasus has been used by governments to spy on journalists, activists, and dissidents and its creator NSO Group has been sued by Apple and placed on a US trade blacklist.

NSO group has yet to respond to Reuters questions on the Thailand allegations.

The Thai Opposition Move Forward party alleged in parliament that one of its lawmakers and two former legislators had also been hacked using Pegasus.

But Thai Prime Minister Prayuth Chan-ocha, who came to power in a coup in 2014, on Friday rejected allegations that Pegasus had been used, saying there was no need to waste state budget on it.

The police earlier this week denied using Pegasus, while deputy defense minister Chaichan Chanmongkol said there was no such use of spyware by the military.

Check out our Latest News and Follow us at Facebook

Original Source

Apple to Release New Lockdown Mode to Battle Spyware, Provide Extra Layer of Protection

Apple on Wednesday said it plans to release a new feature called Lockdown Mode this fall that aims to add a new layer of protection for human rights advocates, political dissidents and other targets of sophisticated hacking attacks.

The move comes after at least two Israeli firms have exploited flaws in Apple‘s software to remotely break into iPhones without the target needing to click or tap anything. NSO Group, the maker of the Pegasus software that can carry out such attacks, has been sued by Apple and placed on a trade blacklist by US officials.

Lockdown Mode will come to Apple’s iPhones, iPads and Macs this fall and turning it on will block most attachments sent to the iPhone’s Messages app. Security researchers believe NSO Group exploited a flaw in how Apple handled message attachments. The new mode will also block wired connections to iPhones when they are locked. Israeli firm Cellebrite has used such manual connections to access iPhones.

Apple representatives said that they believe sophisticated attacks the new feature is designed to fight — called “zero click” hacking techniques — are still relatively rare and that most users will not need to active the new mode.

Spyware companies have argued they sell high-powered technology to help governments thwart national security threats. But human rights groups and journalists have repeatedly documented the use of spyware to attack civil society, undermine political opposition, and interfere with elections.

To help harden the new feature, Apple said it will pay up to $2 million (nearly Rs. 15 crore) for each flaw that security researchers can find in the new mode, which Apple representatives said was the highest such “bug bounty” offered in the industry.

Apple also said it is making a $10 million (nearly Rs. 80 crore) grant, plus any possible proceeds from its lawsuit against NSO Group, to groups that find, expose and work to prevent targeted hacking. Apple said the grant will go to the Dignity and Justice Fund established by the Ford Foundation, one of the largest private foundations in the United States.

Check out our Latest News and Follow us at Facebook

Original Source

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.