
Latest news with #CitizenLab

Google's Gmail Warning—Do Not Use Any Of These Passwords

Forbes

3 days ago

Google has confirmed details of a complex attack with a simple warning attached. Yet again, bad actors have exploited Google's legitimate account infrastructure to trick users into compromising their own security. And while in this instance the victims were highly targeted, the basic vulnerability affects all users.

Google's Threat Intelligence Group and Citizen Lab warn that Russian state-affiliated hackers used seemingly legitimate U.S. State Department email addresses to help target high-value individuals with emails and calendar invites. With a target hooked, a malicious PDF attachment was then sent, which triggered a password request to open. Victims were directed "to create an Application Specific Password (ASP) or 'app password'. ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google Account, intended for applications and devices that do not support features like 2-step verification (2SV)."

As Citizen Lab says, "while many state-backed attackers still focus on phishing a target's passwords and MFA codes, others are constantly experimenting with novel ways to access accounts." This attack "is yet another effort to gain account access through a novel method: convincing the target user to create and share a screenshot of an App-Specific Password (ASP)."

The target was then told to share the Gmail ASP to open the document. This enabled the attackers to gain access to the victim's Gmail account using that ASP. As Google says, "users have complete control over their ASPs and may create or revoke them on demand." But if you don't know you've been attacked, you have no reason to do so.

Two separate warnings here. If you consider yourself a high-value target for any flavor of sophisticated or even state-affiliated hacker, if you're in a high-profile or high-risk job or location, then you should enable Google's Advanced Protection Program. This will better lock down your account, but it is for a small minority of users.

For all others, the second warning is not to use these ASPs. Google warns "app passwords aren't recommended and are unnecessary in most cases. To help keep your account secure, use 'Sign in with Google' to connect apps to your Google Account." Even if you're not at risk from a sophisticated attack, the use of ASPs has now been flagged and it will be very easy for attackers to socially engineer simpler, wider campaigns that trick users into sharing ASPs using a wide variety of lures. As such, do not set these up and certainly never share them.

Border bill raises questions about expanded data sharing with U.S.: Citizen Lab

CTV News

5 days ago

  • Politics

OTTAWA — An organization that monitors the effect of information flows on human rights says the new federal border security bill appears to "roll out a welcome mat" for expanded data-sharing agreements with the United States and other foreign authorities.

Researchers with The Citizen Lab at the University of Toronto say they want the federal government to reveal more about the information-sharing implications of the bill due to a possible risk to human rights. A preliminary Citizen Lab analysis of the bill also raises questions about how any new information-sharing plans would comply with Canada's policy on tabling treaties in Parliament.

The analysis released today notes the legislation refers to the potential for agreements or arrangements with a foreign state. The bill also mentions the possibility that people in Canada may be compelled to disclose information by the laws of a foreign state.

The government says the legislation is intended to keep borders secure, fight transnational organized crime, stop the flow of deadly fentanyl and crack down on money laundering.

This report by The Canadian Press was first published June 16, 2025. Jim Bronskill, The Canadian Press

This iPhone hack needed zero clicks – and it spied on journalists

Phone Arena

5 days ago

Recently, Apple patched a critical iPhone zero-day vulnerability. Reportedly, this vulnerability was quietly exploited, targeting journalists. Citizen Lab discovered the vulnerability. Basically, it allowed Paragon's Graphite spyware to infiltrate iPhones via iMessage. The issue has been addressed in iOS 18.3.1.

Back in April 2025, Apple notified a select group of iOS users (including two prominent journalists) that their devices had been targeted by spyware. Citizen Lab, which is a cybersecurity research group, confirmed the suspicions using forensic analysis. The investigation reportedly showed that a European journalist and an Italian journalist were targeted by surveillance firm Paragon.

The spyware was reportedly installed via a zero-click attack in iMessage. A "zero-click" attack basically requires no action to be taken by the victim. The attacker sends a specific malicious message and it compromises the device. Luckily, Apple has patched this vulnerability with iOS 18.3.1.

Meanwhile, as Citizen Lab continued its analysis, it found that the exploited vulnerability was related to how iOS processed photos and videos sent via iCloud links. Another journalist was also notified by Apple in January of this year about being targeted with Paragon's spyware. This could mean a broader pattern of attacks against journalists.

So far, it seems only these specific people were targeted, and the vulnerability has been fixed by Apple already, so you generally have nothing to worry about. However, this incident clearly underlines the continuing fight between malicious users and device makers. Apple is generally known for its privacy and security-centric approach, but even Apple can fall prey to the creativity and maliciousness of hackers. It's basically a cat-and-mouse game between device makers and hackers, and it's been like this since tech existed, pretty much.

Although we as users can't do much in the grand scheme of things, it's important to update your device in a timely manner. When a security vulnerability has been discovered, companies usually release patches and updates to iron it out, so don't postpone or delay these when you see them waiting to be installed on your device.

New iPhone Spyware Warning — Act Now To Prevent Attacks

Forbes

13-06-2025

A new warning has been issued to Apple iPhone users by researchers after they found forensic evidence that Paragon Graphite spyware has taken over targets' devices. Cybersecurity researchers at Citizen Lab — which is known to discover and report vulnerabilities such as spyware — found spyware made by Israeli firm Paragon targeting iPhones. It comes after the Italian government admitted using spyware to target civil society.

Apple initially issued an alert on the new spyware targeting a number of iOS users including journalists on April 29. Among the group were two journalists who consented to the technical analysis of their cases, Citizen Lab's Bill Marczak and John Scott-Railton wrote in their analysis. After investigating the devices of a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, Citizen Lab found forensic evidence confirming "with high confidence that both were targeted with Paragon's Graphite mercenary spyware."

Citizen Lab found evidence linking both cases to the same Paragon operator. The attacker deployed Paragon's Graphite spyware using "a sophisticated iMessage zero-click attack," Citizen Lab said, adding: "We believe that this infection would not have been visible to the target." The iPhone flaw, tracked as CVE-2025-43200, was patched in iOS 18.3.1.

Spyware is so dangerous because it provides adversaries complete access to your iPhone, including your microphone, camera, email and messages — even those sent via encrypted apps such as WhatsApp or Signal. Worse, spyware is often deployed via so-called "zero-click attacks" that require no user interaction, taking advantage of vulnerabilities in the iOS operating system. This means the malware can be delivered via an image sent via iMessage or WhatsApp — and you don't need to open it to become a victim.

The fact that Graphite was delivered through a zero-click exploit reflects a growing pattern where "sophisticated spyware uses zero-day vulnerabilities to silently compromise devices," says Adam Boynton, senior security strategy manager EMEIA at cybersecurity outfit Jamf. What makes Graphite especially dangerous is its ability to operate covertly in memory, often leaving minimal artefacts on disk, says Boynton. It is capable of creating system-level impersonations — for example, registering hidden iMessage accounts or spoofing security features — to conceal its presence from both the user and standard detection tools. "These tactics make traditional mobile security models insufficient on their own," says Boynton.

The new spyware warning is certainly scary, but at the same time, Apple's security architecture remains "among the strongest in the industry," says Boynton. He points to the iPhone maker's Lockdown Mode, which reduces the functionality of your iPhone but helps protect it from spyware. Spyware is extremely targeted, as can be seen from Citizen Lab's analysis, which focused on journalists' iPhones. Other groups vulnerable to the malware include dissidents, political figures and business users operating in certain sectors.

In order to help prevent being targeted, Boynton emphasises the importance of keeping iPhones up to date. He also suggests enabling Lockdown Mode on Apple devices if you are in a sensitive or high-risk role. Another way of disrupting spyware is to turn your iPhone off and on again. But it's not a permanent solution and if you do suspect the malware is on your device, contact an organization such as Amnesty or Access Now for help.

As researchers reveal more details about the dangers of the Graphite spyware, it is important that you update your iPhone now to the latest software, currently iOS 18.5. Even if you are not a target, upgrading will protect you from a number of flaws that could compromise your iPhone's security.

Apple fixes new iPhone zero-day bug used in Paragon spyware hacks

TechCrunch

12-06-2025

Researchers revealed on Thursday that two European journalists had their iPhones hacked with spyware made by Paragon. Apple now says it has fixed the bug that was used to hack their phones.

Citizen Lab wrote in its report, shared with TechCrunch ahead of its publication, that Apple had told its researchers that the flaw exploited in the attacks had been "mitigated in iOS 18.3.1," a software update for iPhones released on February 10. Until this week, the advisory of that security update only mentioned one unrelated flaw, which allowed attackers to disable an iPhone security mechanism that makes it harder to unlock phones.

On Thursday, however, Apple updated its February 10 advisory to include details about a new flaw, which was also fixed at the time, but not publicized. "A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," reads the now-updated advisory.

In the final version of its report published Thursday, Citizen Lab confirmed this is the flaw used against Italian journalist Ciro Pellegrino and an unnamed "prominent" European journalist.

It's unclear why Apple did not disclose the existence of this patched flaw until four months after the release of the iOS update, and an Apple spokesperson did not respond to a request for comment seeking clarity.

The Paragon spyware scandal began in January, when WhatsApp notified around 90 of its users, including journalists and human rights activists, that they had been targeted with spyware made by Paragon, dubbed Graphite. Then, at the end of April, several iPhone users received a notification from Apple alerting them that they had been the targets of mercenary spyware. The alert did not mention the spyware company behind the hacking campaign.

On Thursday, Citizen Lab published its findings confirming that two journalists who had received that Apple notification were hacked with Paragon's spyware. It's unclear if all the Apple users who received the notification were also targeted with Graphite. The Apple alert said that "today's notification is being sent to affected users in 100 countries."
