Of all the data points contained in Zimperium’s recently released 2022 Global Mobile Threat Report, perhaps the most shocking is the spike in known cases of zero-day exploits being used in attacks against mobile devices. A zero-day exploit is one where the vendor is unaware of the corresponding vulnerability at the time of attack and has therefore not provided a workable patch. The number jumped to 17 from three the previous year, while the share of zero-days that were mobile-specific increased from 11% to 31%.
A recent investigation by Ronen Bergman and Mark Mazzetti in The New York Times Magazine pulled back the curtain on the complex, high-stakes world surrounding commercially available smartphone spyware. Zeroing in on NSO Group’s Pegasus product, the reporters detailed the powerful incentives at play in the proliferation of this spyware.
The location data we give up in using certain apps can be used by third parties to track our movements and infer our behaviors, preferences and beliefs. While this information may be relatively harmless when leveraged by a retailer or investor, there’s no telling who may ultimately gain access. In the hands of a malicious actor, such insights can facilitate physical tracking, blackmail, the outing of deeply held secrets and more.
When visiting certain high-risk countries on business, your smartphone activity may be monitored by local intelligence services. From fake cell towers to malicious carrier updates, spies in these countries have a number of ways to install malware on your device through your cellular connection alone. As such, it’s best to assume that your smartphone has been compromised when on foreign soil.
SafeCase, our smartphone-coupled security device, serves as an ExoComputer: a secondary, special-purpose computing device to the smartphone. At first blush, the concept of an independent, security-focused system parallel to the mobile device may seem straight out of left field. But viewed in context, the ExoComputer represents an architectural evolution that builds upon the established concept of the trusted execution environment, isolating a smartphone’s critical security operations from attacks against the device’s user-facing environment.
On Sunday, the first reports were published under the banner of the Pegasus Project, revealing the results of an investigation into how NSO Group’s military-grade spyware has been used to hack the smartphones of business leaders, heads of state, activists, journalists, politicians and more. The findings of this investigation, compiled by a consortium of media organizations across the globe, capture the implications of this commercially available spyware.
Verizon recently released its annual Mobile Security Index, an always-anticipated snapshot of experiences and attitudes among senior professionals responsible for their organization’s mobile security. This year’s results crystallize what we at Privoro have known for some time: that mobile devices are as indispensable to modern business as they are challenging to protect. Let’s dig into the highlights.
In September 2019, attribution was given to Israel for the IMSI catchers discovered in Washington, D.C. two years earlier, shining light on the prevalence of these types of spying devices. Once used solely by law enforcement as a way of finding the international mobile subscriber identity (IMSI) linked to a criminal suspect’s SIM card for investigative purposes, now just about anyone can acquire or build an IMSI catcher to intercept a target’s communications. With such low barriers to entry, it’s no longer just the bad guys who need to be worried about these devices.
Today is Data Privacy Day, a perfect opportunity to learn how to keep your smartphone from being used for tracking purposes. While it can feel like a daunting challenge to escape the intrusive tracking practices employed by tech companies, advertisers and other players in the surveillance economy, use the four tips below to start taking back control of your digital privacy.