In recent years, there have been a number of times clear messages from Apple: You must update your iPhone now – we have found a security hole. For most people, this may be noticed with a message from the phone, or they read about it in the media. This is how users are notified of an important security update for iPhone these days. Photo: Øyvind Bye Skille / news – Maybe it doesn’t fit or you think it’s tiring with all these notifications. So some people probably think “whew, another such security update”, but they are very, very important, Professor Ron Deibert at the University of Toronto tells news. He heads CitizenLab, an interdisciplinary center for work in technology, security and human rights. Experts at the center have been involved in a number of the emergency updates that have arrived for both iPhone and Android-based phones. That the updates are important is emphasized by the fact that it is not just a theoretical possibility that someone could exploit the security holes. Several of the updates for the iPhone have been marked with the text: “Apple is aware of a report that this issue may have been actively exploited.” This means that Apple has received information that someone is already using the security hole for computer attacks. It also means that there is a so-called zero-day vulnerability. A security hole that has been known without any bug fixes. Professor Ron Deibert at CitizenLab in Toronto, Canada. Photo: Øyvind Bye Skille / news Several times in recent years it has been CitizenLab that has found security holes linked to specific hacker attacks. Attacks that have targeted journalists, oppositionists, activists and human rights defenders. Then the cooperation with Apple, Google or other relevant companies starts. – We have a responsibility and must notify the companies quickly. This is how they can plug the security holes, and we have experience that they usually do that quickly, says Deibert. The presidential candidate who was hacked It is such a hacker attack that is behind the security update that came this week for Apple’s products. On Thursday, there were urgent updates for both iPhone, iPad and Mac computers. CitizenLab was able to say on Friday that they believe that some of the security holes that are being closed had been used in an attempt to hack an opposition politician in Egypt. Ahmed Eltantawy said in April that he wants to run for office to try to become president of Egypt in 2024. Ahmed Eltantawy wants to run for office and try to become president of Egypt in 2024. Photo: SHOKRY HUSSIEN / Reuters Investigations of his phone by CitizenLab in collaboration with security experts from Google’s Threat Analysis Group (TAG) will show that someone tried to hack his phones a number of times in the period from May to September. The phone received messages with links to websites with malware. The traffic from the phone to websites Tantawi would visit was forwarded if it was not encrypted. Instead of the web pages he wanted to read, the phone had malware injected into its system. Because the experts believe that parts of the attacks involved manipulating the traffic in the mobile network in Egypt, CitizenLab goes to great lengths to point out the authorities and the sitting president Abdel Fatah El-Sisi as those responsible. Eltantawy received such messages on his iPhone, but he did not click on the links in these messages. Photo: CitizenLab To the Washington Post, presidential candidate Ahmed Eltantawy does not want to blame the authorities, but he says that he believes he was attempted to be hacked because of his political activity and with the aim of targeting him. – Easily said. There is nothing that can affect me, nor anything they can find through two years of hacking, says the presidential candidate to the Washington Post. He also says that a number of people close to him have been arrested by the authorities. The Egyptian authorities have not responded to the criticism related to the computer attacks, but the Ministry of the Interior has denied that people connected to the election campaign have been arrested. So how did CitizenLab discover this was happening? The presidential candidate contacted the research center because he was reacting to all the strange messages he received. When the experts receive such an inquiry, the investigations begin. – We have a group of experts that we can call digital detectives. They try to find out how authorities and companies engage in digital espionage. They check how they get into phones and hack them, Ron Deibert tells news. Can turn on the microphone and the camera Deibert says that they have discovered a number of very advanced computer attacks against vulnerable people. – These are people who are perceived as threats to autocrats or authoritarian regimes. It may be journalists who uncover objectionable circumstances. Then some regimes do a lot to stop them, such as hacking the phones to blackmail them or find out who they are talking to, says Deibert to news. – How widespread is it? – It is very widespread among these vulnerable people, replies the professor. CitizenLab has tried to track advanced attacks against mobile phones. This is how Ron Deibert presented possible attacks with the Pegasus spyware during a lecture this week. Photo: Øyvind Bye Skille / news The computer attacks in which phones are hacked are very advanced. In spy movies, you might see a hacker connect to the phone, or put something next to it, to carry out an attack. Or you’ve heard that you shouldn’t click on links, because that’s how you can get viruses or be attacked. Deibert explains that these attacks against vulnerable people use methods where the attacked often do not notice anything. – This is extremely advanced. The latest versions of spyware can take over phones without you having to do anything. One moment your phone is perfectly fine and safe – the next it’s attacked and taken over by a digital spy who could be on a completely different continent. He explains that the digital spies can do a lot when they take over your phone: They can read all your emails and text messages. They can see all your photos. They can track your whereabouts. They can also turn on the microphone and camera and monitor you and those around you. The research group at CitizenLab believes they have traced several of the attacks to companies that make and sell spyware for large sums. The programs are called things like Pegasus, Candiru and Predator. The companies state that they sell software to fight terrorism and crime, but Deibert believes that the systems are also used in violation of human rights. – We see in our work that liberal democracy is threatened by this. The hacking shows that parts of the world are becoming more authoritarian. We have to work hard to solve this as a problem. We must restore the rule of law and liberal democracy, says Deibert. Together with their colleagues, they have tracked computer attacks and hacking of mobile phones in Latin America, Africa, Asia, the Middle East and Europe. The widow of Jamal KhashoggiCitizenLab believes it has found evidence that Pegasus spyware was installed on the phone of the widow of journalist Jamal Khashoggi in the months before he was killed, the Washington Post has written.Ben Hubbard, New York TimesCitizenLab believes it has uncovered that the Middle East correspondent for the American newspaper New York Times, Ben Hubbard was attacked with the spyware Pegasus a number of times. The journalist covered the Middle East, and among other things had published a book about the regime’s crown prince Mohammed bin Salman, he himself writes in the New York Times. Galina Timchenko, Russian journalist CitizenLab believes it has found evidence that exiled Russian journalist Galina Timchenko has been hacked with Pegasus spyware. Timchenko heads the critical Russian media channel Meduza, which is operated from outside Russia. Ahmed Mansoor, United Arab Emirates In 2016, CitizenLab announced that they had found out that the human rights activist Ahmed Mansoor based in the United Arab Emirates had been subjected to a series of computer attacks. They wrote that they saw traces of spyware both from Finfisher, HackingTeam and NSO Group. Apple issued security updates following the revelations from CitizenLab.Carmen Aristegui, MexicoCitizenLab has uncovered a series of attacks against the mobile phones of people in Mexico. In 2017, they discussed how journalists and lawyers investigating corruption and human rights abuses had been hacked. Investigative journalist Carmen Aristegui was attempted to be hacked with Pegasus spyware a number of times, according to CitizenLab. When they did not succeed, they allegedly hacked the mobile phone of her minor son. Recommend updating immediately news met Professor Ron Deibert at the Global investigative journalism conference in Gothenburg. There he lectured on the dangers of hacking for journalists covering authoritarian regimes and sensitive topics. Not long ago, Apple started sending out messages to users where they suspect they may have been exposed to advanced computer attacks. During his lecture, Deibert asked those who had received such messages to raise their hands, and several journalists did just that. In addition to giving lectures, CitizenLab offered to check the phones of concerned journalists. The professor could not answer whether they discovered new hacked phones during the conference, and referred to research ethics rules. Ron Deibert is Professor of Political Science at the University of Toronto. He leads CitizenLab and collaborates with a number of technical experts in the work. Photo: Jamie Napier – While we’re here we talk to a lot of journalists. We also do our best to investigate and possibly discover if there are problems with their devices, says Deibert to news. He also explains that it is not just journalists, politicians and other vulnerable groups who should update mobiles and computers when new versions from Apple, Microsoft and Google arrive. – The security holes can cause great damage. When we find them in our work with vulnerable groups, they become dense and publicly known. If you don’t update your phone, there is a risk that other pure computer criminals will take advantage of them, he says. – So you don’t have to be a journalist or an activist to take care of your own IT security? – Everyone should update as part of their own digital hygiene. It is recommended to update immediately since the information is now out and publicly known, he says. For more vulnerable groups, CitizenLab also recommends more comprehensive security measures. Among other things, Deibert advises journalists to switch on a separate security mode on their iPhone if they are worried about computer attacks.
ttn-69
That’s why you need to update your iPhone – presidential candidate in Egypt attempted to be hacked – news Norway – Overview of news from different parts of the country
