mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2025-02-20 18:31:35 -05:00
Minor additions
Signed-off-by: Raja Grewal <rg_public@proton.me>
This commit is contained in:
parent
cf2fe263ba
commit
0e258dc9a2
@ -9,11 +9,11 @@ One of the key principle components involved in maintaining both strong privacy
|
||||
|
||||
Building on this, both independent and mainstream media are constantly awash with stories regarding the frequent discoveries of sophisticated malware installed on users phones that have the ability totally compromise a device by giving external parties effectively root access. The most well-known of these variants of spyware target hitherto unknown zero-day exploits as thoroughly discussed by [Amnesty International Security Lab](https://www.amnesty.org/en/tech/) and [The Citizen Lab](https://citizenlab.ca/).
|
||||
|
||||
For example, there is very little any end-user can do to detect intrusions by the infamous Pegasus spyware made by the NSO Group, see [[1](https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/), [2](https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/), [3](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/), [4](https://forbiddenstories.org/case/the-pegasus-project/), [5](https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/) [6](https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/), [7](https://citizenlab.ca/2022/02/bahraini-activists-hacked-with-pegasus/), [8](https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/), [9](https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/), [10](https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/), [11](https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/), [12](https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/), [13](https://citizenlab.ca/2023/05/cr1-armenia-pegasus/), [14](https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/)]. 
A similar situation is exists with the Predator spyware marketed by the cyber intelligence consortium Intellexa Alliance (which includes its developer Cytrox), see [[15](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware), [16](https://blog.talosintelligence.com/mercenary-intellexa-predator/), [17](https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/), [18](https://blog.sekoia.io/active-lycantrox-infrastructure-illumination), [19](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/), [20](https://www.amnesty.org/en/documents/act10/7245/2023/en/)]. Other high-profile recent examples of mercenary spyware vendors include [Candiru](https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/), an [undisclosed company](https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/), [QuaDream](https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/), a [mysterious source](https://securelist.com/trng-2023/), and [APT41](https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41).
|
||||
For example, there is very little any end-user can do to detect intrusions by the infamous Pegasus spyware made by the NSO Group, see [[1](https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/), [2](https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/), [3](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/), [4](https://forbiddenstories.org/case/the-pegasus-project/), [5](https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/) [6](https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/), [7](https://citizenlab.ca/2022/02/bahraini-activists-hacked-with-pegasus/), [8](https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/), [9](https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/), [10](https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/), [11](https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/), [12](https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/), [13](https://citizenlab.ca/2023/05/cr1-armenia-pegasus/), [14](https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/)]. 
A similar situation is exists with the Predator spyware marketed by the cyber intelligence consortium Intellexa Alliance (which includes its developer Cytrox), see [[15](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware), [16](https://blog.talosintelligence.com/mercenary-intellexa-predator/), [17](https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/), [18](https://blog.sekoia.io/active-lycantrox-infrastructure-illumination), [19](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/), [20](https://www.amnesty.org/en/documents/act10/7245/2023/en/), [21](https://citizenlab.ca/2023/10/predator-spyware-targets-us-eu-lawmakers-journalists/)]. Other high-profile recent examples of mercenary spyware vendors include [Candiru](https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/), an [undisclosed company](https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/), [QuaDream](https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/), a [mysterious source](https://securelist.com/trng-2023/), and [APT41](https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41).
|
||||
|
||||
It should also be recognised and stressed that being targeted by complex mercenary spyware is an expensive undertaking and so the overwhelming majority individuals are very unlikely to be affected. The confirmed targets involve politicians, activists, developers of AI-based guidance systems, lawyers, journalists, and whistleblowers. See The Citizen Lab's [publication list](https://citizenlab.ca/publications/) for more references.
|
||||
|
||||
We must also strongly emphasise that one of the most effective strategies and habits any end-user can develop to both prevent and defend against these complex attacks is to simply keep your devices running the latest OS versions (see for example updates from [Apple](https://support.apple.com/en-us/HT201222), [Android](https://source.android.com/docs/security/bulletin/asb-overview), and [GrapheneOS](https://grapheneos.org/releases#changelog)) while totally avoiding the use of devices that are no longer receiving patches (end-of-life).
|
||||
We must also strongly emphasise that one of the most effective strategies and habits any end-user can develop to both prevent and defend against these complex attacks is to simply keep your devices running the latest OS versions (see for example updates from [Apple](https://support.apple.com/en-us/HT201222), [Android](https://source.android.com/docs/security/bulletin/asb-overview), and [GrapheneOS](https://grapheneos.org/releases#changelog)) while totally avoiding the use of devices that are no longer receiving patches (end-of-life). Additionally, having some [knowledge](https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/) on modern cellular networks is also advantageous.
|
||||
|
||||
## Detecting traces of known compromise with `mvt`
|
||||
|
||||
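Review bot: the sentence appended to the updates paragraph ("Additionally, having some [knowledge](https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/) on modern cellular networks is also advantageous.") is vague and reads as a non sequitur after advice about patching: it does not say what knowledge, or what threat it helps with, and "knowledge on" should be "knowledge of". The linked Citizen Lab report is titled "Finding You: Teleco vulnerabilities for location disclosure", so say that plainly, e.g. "Note also that weaknesses in the cellular network itself can expose a device's location regardless of how well patched the device is; see Citizen Lab's [Finding You](https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/) report." While the Predator line is already being touched to add [21], fix "A similar situation is exists" to "A similar situation exists", and add the missing comma between [5] and [6] in the Pegasus reference list on the line above it; the unchanged context line "the overwhelming majority individuals" is also missing "of".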