Tag: develops | SpinSafe

Spyware industry develops most zero-days and governments promote it

February 8, 2024/in Internet Security

Commercial spyware vendors appear to be the largest developers of zero-day vulnerabilities. Through these vulnerabilities, spyware such as Pegasus and Predator can be installed on devices worldwide. This was stated in a report by Google, in which the tech company is also calling for greater actions against the practices of the spyware industry. Governments should ban those actions, but that is hard because they themselves are buyers of the spyware.

Last year, the Threat Analysis Group (TAG) at Google closely monitored the activities of 40 commercial spyware vendors (CSVs). With the study, TAG determined that these vendors were responsible for 80 percent of the zero-day vulnerabilities found by TAG in 2023. It means that these vendors sought and exploited the vulnerability. The exploitation was aimed at spying on devices around the world.

Pegasus and Predator

In the report, TAG mentions several of these CSVs by name. They are said to include Cy4Gate, RCS Lab, Negg Group and Variston. Intellexa is also named as the developer of the Predator spyware. This spyware came into the spotlight late last year following an Amnesty International investigation. Predator was allegedly purchased by at least 25 countries and deployed to spy on U.S. and EU politicians.

Another vendor, perhaps even better known, is NSO Group. This company made plenty of headlines after the discovery of Pegasus spyware. This software came to light after Apple contacted top European officials on the possibility of spyware on their Apple devices.

Only a fraction of the reality

Commercial spyware vendors appear to have increasingly focused on zero-day vulnerabilities over the years. Over ten years, Google can attribute 35 of the 72 zero-day vulnerabilities found and exploited to these vendors.

So over a ten-year period, the percentage does not even reach 50 percent. Last year, however, it had already reached 80 percent. It seems like these commercial vendors have, mainly in recent years, scaled up their activities to find and exploit zero-day vulnerabilities.

Still, there is another possible conclusion. Namely, TAG’s study assumes the zero-day vulnerabilities found. Researchers have…

Source…

IIT Madras-Incubated Firm Develops Indigenous BharOS Operating System

January 19, 2023/in Mobile Security

IIT Madras-incubated firm develops indigenous mobile operating system ‘BharOS’

An IIT Madras-incubated firm has developed an indigenous mobile operating system called ‘BharOS‘, officials said on Thursday. The system can be installed on commercial off-the-shelf handsets. BharOS services are currently being provided to organisations that have stringent privacy and security requirements and whose users handle sensitive information that requires confidential communications on restricted apps on mobiles. Such users require access to private cloud services through private 5G networks.

The BharOS was developed by JandK Operations Private Limited (JandKops), which has been incubated at IIT Madras. “BharOS Service is a Mobile Operating System built on a foundation of trust, with a focus on providing users more freedom, control, and flexibility to choose and use only the apps that fit their needs,” said IIT Madras director V Kamakoti.

“This innovative system promises to revolutionise the way users think about security and privacy on their mobile devices,” he said. “We look forward to working closely with many more private industries, government agencies, strategic agencies and telecom service providers to increase the usage and adoption of BharOS in our country,” he added. BharOS comes with No Default Apps (NDA). This means that users are not forced to use apps that they may not be familiar with or that they may not trust. Additionally, this approach allows users to have more control over the permissions that apps have on their device, as they can choose to only allow apps that they trust to access certain features or data on their device.

According to Karthik Ayyar, director of JandK Operations Pvt Ltd, BharOS offers ‘Native Over The Air‘ (NOTA) updates that can help to keep the devices secure. “NOTA updates are automatically downloaded and installed on the device, without the need for the user to manually initiate the process. This ensures that the device is always running the latest version of the operating system, which includes the latest security patches and bug fixes. With NDA, PASS, and NOTA, BharOS ensures that Indian mobile phones are trustworthy,” he said. Ayyar explained that…

Source…

LG Uplus Develops New Technology that Can Prevent Hacking of Intelligent CCTV

June 24, 2022/in Internet Security

This photo provided by LG Uplus Corp. shows the mobile carrier’s employees testing new technology to prevent the hacking of intelligent CCTV systems.

SEOUL, June 24 (Korea Bizwire) — LG Uplus Corp., a major South Korean telecom operator, said Thursday it had developed a new technology to prevent the hacking of intelligent CCTV systems in collaboration with Internet of Things (IoT) security specialist ICTK Holdings.

Intelligent CCTV refers to an artificial intelligence (AI) service that analyzes video images taken by high-resolution CCTV cameras to identify individuals by their faces, and to detect and issue a warning when there are emergency situations.

If intelligent CCTV systems are hacked, it can lead to the leakage of videos and images containing sensitive private information.

To prevent hacking, LG Uplus applied a physical unclonable function (PUF) virtual private network (VPN) between CCTV cameras and the main server.

The mobile carrier plans to complete the demonstration of the technology by October of this year and commercialize it through the establishment of equipment infrastructure, including servers that can deal with 100,000 CCTV cameras, at its Internet Data Center in Seoul.

Kevin Lee ([email protected])

Source…