Apple unveils ‘Lockdown Mode’ to protect iPhone users from Pegasus spyware

Apple has recently unveiled two initiatives to help protect users who may be personally targeted by some of the most sophisticated digital threats, such as those from private companies developing state-sponsored mercenary spyware.

Lockdown Mode — the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura — is an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security. Apple also shared details about the $10 million cybersecurity grant it announced last November to support civil society organizations that conduct mercenary spyware threat research and advocacy.

“Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture. “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

An iPhone screen shows the new Lockdown Mode capability and asks the user if they want to turn it on.

Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.

At launch, Lockdown Mode includes the following protections:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

Apple will continue to strengthen Lockdown Mode and add new protections to it over time. To invite feedback and collaboration from the security research community, Apple has also established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 — the highest maximum bounty payout in the industry.

Apple is also making a $10 million grant, in addition to any damages awarded from the lawsuit filed against NSO Group, to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware. The grant will be made to the Dignity and Justice Fund established and advised by the Ford Foundation — a private foundation dedicated to advancing equity worldwide — and designed to pool philanthropic resources to advance social justice globally. The Dignity and Justice Fund is a fiscally sponsored project of the New Venture Fund, a 501(c)(3) public charity.

“The global spyware trade targets human rights defenders, journalists, and dissidents; it facilitates violence, reinforces authoritarianism, and supports political repression,” said Lori McGlinchey, the Ford Foundation’s director of its Technology and Society program. “The Ford Foundation is proud to support this extraordinary initiative to bolster civil society research and advocacy to resist mercenary spyware. We must build on Apple’s commitment, and we invite companies and donors to join the Dignity and Justice Fund and bring additional resources to this collective fight.”

The Dignity and Justice Fund expects to make its first grants in late 2022 or early 2023, initially funding approaches to help expose mercenary spyware and protect potential targets that include:

  • Building organizational capacity and increasing field coordination of new and existing civil society cybersecurity research and advocacy groups.
  • Supporting the development of standardized forensic methods to detect and confirm spyware infiltration that meet evidentiary standards.
  • Enabling civil society to more effectively partner with device manufacturers, software developers, commercial security firms, and other relevant companies to identify and address vulnerabilities.
  • Increasing awareness among investors, journalists, and policymakers about the global mercenary spyware industry.
  • Building the capacity of human rights defenders to identify and respond to spyware attacks, including security audits for organizations that face heightened threats to their networks.

The Dignity and Justice Fund’s grant-making strategy to research, track, and hold the enhanced cyber weapons trade accountable will be advised by an independent, global Technical Advisory Committee.

“There is now undeniable evidence from the research of the Citizen Lab and other organizations that the mercenary surveillance industry is facilitating the spread of authoritarian practices and massive human rights abuses worldwide,” said Ron Deibert, director of the Citizen Lab, a research group at the University of Toronto. “I applaud Apple for establishing this important grant, which will send a strong message and help nurture independent researchers and advocacy organizations holding mercenary spyware vendors accountable for the harms they are inflicting on innocent people.”

Godless Virus May Have Affected 4 Lakh Android Phones in India: Trend Micro

The new mobile malware "Godless" has affected nearly 4 lakh devices in India and about a million devices worldwide, said a report from cyber-security firm Trend Micro.

In the report, titled "Mobile App Reputation Service", the firm said the "Godless" malicious software, found in all app stores including Google Play, hides inside an app and operates at the root level of the operating system (OS), opening up admin access to outside devices. "It contains various exploits to ensure it can root a device and it can even install spyware," said the report. It is designed to exploit Android devices in endless ways, and devices running Android 5.1 (Lollipop) or earlier versions are vulnerable.

Once the "Godless" malware finishes its rooting, it cannot be uninstalled easily. "When downloading apps, users should always review the developer. Unknown developers with very little or no background information may be the source of these malicious apps. Users should also have secure mobile security that can mitigate mobile malware," said Nilesh Jain, Country Manager for India, Trend Micro.

According to Strategy Analytics, Google-owned Android has dominated the global smartphone market since 2014, with 1 billion units shipped worldwide. It accounted for 81 percent of all smartphones shipped in 2014, followed by Apple with a 15 percent market share and Microsoft in third with 3 percent.

“Many users choose Android over other OS-based devices because first, the devices can be relatively cheap; second, it’s known for fast and efficient data storage and third, it’s available across different form factors, brands, and price points,” says Paul Oliveria, a researcher at Trend Micro. Android is also popular among mobile developers and manufacturers for its capacity to house innovative app development without licensing fees, and for sporting a simple and powerful Software Development Kit (SDK).

Here are some tips to keep Android phones safe and secure:

Lock the screen – Enabling a screen unlock code will prevent a device thief from accessing your mobile data.

Protect your data – Android comes with pre-installed security measures that can be easily accessed and enabled from the security submenu. The Android security screen also includes an option to encrypt the device. Enabling this option will help protect sensitive information stored on the device.

Strengthen passwords and app permissions – Google does a fine job of syncing its updates with Android devices. However, some manufacturers take a little more time to update. Remember to check the features that you allow each app to access, and don’t forget to use strong and unique passwords. If you re-use your passwords, hackers can effortlessly guess the passwords on your other accounts.

Install a security app – It’s always a good idea to make use of security apps. An app that offers anti-theft features like remote wipe-out, tracking, and locking, as well as malware scanning and detection can help mitigate potential threats. For example, Trend Micro Mobile Security is a security app for Android phone and Android tablet, which blocks malicious apps from Google Play before they are installed; guards against identity theft and viruses; blocks dangerous and fraudulent websites; protects your privacy on Facebook; protects kids online; and even extends battery life and optimizes device performance and memory.

Connect to secure networks – Whenever you go online using a network you don’t know, such as public Wi-Fi, you should be more careful because unsecured Wi-Fi networks can be used to stage man-in-the-middle attacks where data can be intercepted by a third party. Avoid online banking, financials, and purchasing over public networks. If you use Wi-Fi at home, please make sure you use a password to secure your router.

Avoid rooting your device – Before rooting your Android device, consider the pros and cons first. While it allows you more control over your device, it could also allow unsigned apps, including malicious ones, access to your data. This also makes it difficult to patch and update your OS and apps, which could leave your device vulnerable.

Download from official app stores – Downloading from third-party sites or app stores is one of the easiest ways for any mobile device to get infected with malware. Limiting your apps to those from official or trusted app stores (like the Google Play app store) can lower the risks.