Commercial spyware vendors are exploiting zero-day vulnerabilities to target Android and iOS devices, according to a report by Google’s Threat Analysis Group (TAG). The report revealed that two highly targeted campaigns utilized zero-day vulnerabilities, which allowed vendors to arm governments and target human rights workers, journalists, dissidents, and opposition party politicians.
Amnesty International exposes a sophisticated spyware campaign
Amnesty International’s Security Lab has exposed a sophisticated hacking campaign by a spyware company that targets Google’s Android operating system. The campaign showed all the hallmarks of an advanced spyware operation developed by a commercial cyber-surveillance company and sold to government hackers to carry out targeted spyware attacks. The newly discovered campaign has been active since at least 2020 and targeted mobile and desktop devices, including users of Google’s Android operating system.
Exploits used in the attacks
The exploits used in the hacking campaign included zero-day and n-day vulnerabilities delivered via SMS messages containing shortened links. One of the campaigns targeted users in Italy, Malaysia, and Kazakhstan using these methods, while the other targeted Android users in the United Arab Emirates with one-time attack links sent over SMS.
The iOS exploit chain used multiple bugs, including a zero-day vulnerability, to install an .IPA file onto the device. The Android exploit chain used three exploits to deliver an unspecified payload. Meanwhile, the second campaign targeted the latest version of Samsung Internet Browser and used several zero-days and n-days delivered via SMS to devices located in the U.A.E.
Malicious domains used
The spyware and zero-day exploits were delivered from an extensive network of more than 1000 malicious domains. These included domains spoofing media websites in multiple countries.
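The two delivery characteristics the report describes, shortened links in SMS messages and domains spoofing media websites, are both things a defender can screen for before a link is ever opened. The following is an added example, not code from Google TAG, Amnesty International or the report; it triages a batch of SMS messages by flagging links to public URL shorteners and links whose domain imitates a trusted media site. The trusted-domain list and the sample messages are constructed placeholders (the .example TLD is reserved for documentation), and the lookalike heuristics (brand name embedded in the host, or a small edit distance from the brand name) are this example's own, not the report's.

```python
import re
from urllib.parse import urlparse

# Constructed placeholders: in practice this is the organisation's own list of
# media sites its users actually read (or a public top-sites list).
TRUSTED_MEDIA_DOMAINS = {"dailygazette.example", "theherald.example"}

# Public URL shorteners; a shortened link hides its destination, which is the
# delivery pattern the report describes.
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_name(host: str) -> str:
    """Crude registrable-domain extraction: keep the last two labels.
    (A real deployment would use the Public Suffix List for co.uk-style TLDs.)"""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def classify_host(host: str) -> str:
    """Return 'trusted', 'shortener', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower()
    reg = registrable_name(host)
    if reg in TRUSTED_MEDIA_DOMAINS:
        return "trusted"
    if reg in URL_SHORTENERS:
        return "shortener"
    brand_of_reg = reg.split(".")[0]
    for trusted in TRUSTED_MEDIA_DOMAINS:
        brand = trusted.split(".")[0]
        # Brand name embedded anywhere in the host, e.g. dailygazette-news.example
        # or dailygazette.attacker.example, while the registrable domain differs.
        if brand in host:
            return "lookalike"
        # Small edit distance from the brand, e.g. dai1ygazette.example.
        if levenshtein(brand_of_reg, brand) <= 2:
            return "lookalike"
    return "unknown"


def triage_sms(messages: list[dict]) -> list[dict]:
    """Flag every shortened or lookalike link found in a batch of SMS messages."""
    findings = []
    for msg in messages:
        for url in URL_RE.findall(msg["text"]):
            host = urlparse(url).hostname or ""
            verdict = classify_host(host)
            if verdict in ("shortener", "lookalike"):
                findings.append({"sender": msg["sender"], "url": url, "verdict": verdict})
    return findings


# Constructed sample messages for the demonstration.
SAMPLE_SMS = [
    {"sender": "+10000000001", "text": "Breaking: full story at https://www.dailygazette.example/politics/42"},
    {"sender": "+10000000002", "text": "Your account was flagged, verify now https://dai1ygazette.example/verify"},
    {"sender": "+10000000003", "text": "Exclusive interview https://bit.ly/3abcXYZ"},
    {"sender": "+10000000004", "text": "See what they found https://dailygazette-news.example/x"},
]

if __name__ == "__main__":
    for f in triage_sms(SAMPLE_SMS):
        print(f"{f['verdict']:<10} {f['sender']}  {f['url']}")
```

The first message links to the genuine (placeholder) media domain and is not flagged; the other three are reported as a shortener, a typosquat and a brand-embedded lookalike. The heuristics are deliberately simple and will produce false positives on short brand names, so the output is a triage queue for an analyst, not a block decision.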
Global moratorium required
Unscrupulous spyware companies pose a real danger to the privacy and security of everyone. Amnesty International is urging people to ensure they have the latest security updates on their devices to protect themselves from these threats. There is an urgent need for a global moratorium on the sale, transfer, and use of spyware until robust human rights regulatory safeguards are in place to prevent these sophisticated cyber-attacks from being used as a tool of repression against activists and journalists.
US President Biden has signed an executive order restricting the government’s use of commercial spyware technology that poses a threat to human rights. However, this will not be enough without similar actions from other countries around the world.
Google active tracking
Google is actively tracking more than 30 vendors known to sell surveillance capabilities or exploits to government-sponsored threat actors worldwide. The tech giant has linked an exploit framework targeting Chrome, Firefox, and Microsoft Defender vulnerabilities to the Spanish software company Variston IT.
Internet Service Providers (ISPs) helped the Italian spyware vendor RCS Labs infect the devices of Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. Another surveillance campaign was brought to light by Google TAG, in which state-sponsored attackers exploited five zero-days to install Predator spyware developed by Cytrox.
Urgent need for international legal framework
The spyware industry poses a critical threat to human rights defenders and civil society around the world. It is important to put measures in place to stop these abuses and protect human rights in the digital age. This includes an urgent need for an international moratorium on the development, use, transfer, and sale of spyware technologies until there is a global legal framework in place.
In conclusion, commercial spyware vendors are exploiting zero-day vulnerabilities to target Android and iOS devices for spying purposes. Governments around the world must take serious steps towards imposing sanctions on companies that develop such technologies for malicious purposes. It’s high time companies put robust measures in place to prevent these sophisticated cyber-attacks from being used as a tool of repression against activists and journalists.
Image Source: Wikimedia Commons