Almost a year after the White House told commercial-spyware vendors that their products are not welcome in government anymore, the State Department is warning people at these firms that they and their family members may not be welcome in the US either.In a statement published Monday, Secretary of State Anthony Blinken announced that the US is now ready to impose visa restrictions on employees of companies that sell spyware tools to repressive governments. Those regimes then target their own and other countries’ citizens with “zero-click” attacks that exploit unpatched vulnerabilities in mobile devices, allowing a remote takeover of them without any activity by the intended victim. “Such targeting has been linked to arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases,” Blinken said in the statement. “Additionally, the misuse of these tools presents a security and counterintelligence threat to US personnel.”The agency’s announcement specifies that these restrictions cover people either involved in using spyware against activists, dissidents, journalists, and other marginalized or vulnerable communities or people who have helped or made money off that misuse. And it notes that the department can impose these bans on the immediate families of those people, defined as “spouses and children of any age.” So not only can executives at such already-sanctioned spyware developers as the Israeli firms NSO Group and Candiru no longer assume they can hop on a plane to visit the US for work or for fun whenever they want, their kids may have to scratch American universities off their college possibilities. The move follows growing concern about how such undemocratic regimes as Saudi Arabia and the United Arab Emirates’ governments have employed tools like NSO’s Pegasus to hack into the smartphones of journalists and human-rights activists and even government officials of such US allies as the UK. And in December 2021, Apple warned that NSO tools had been used to hack the smartphones of some State Department employees either based in Uganda or dealing with Ugandan affairs.Both Apple and Google have had to ship multiple rounds of updates to close vulnerabilities exploited by them. Apple also added a new shields-up option to iOS in 2022’s iOS 16 update, Lockdown Mode; so far, that seems effective at defeating these hacking tools. The company also sued NSO Group in November 2021, describing that firm’s people as “amoral 21st century mercenaries” and seeking a ban on NSO using any Apple products.But the commercial success of NSO Group and its ilk seems to have encouraged other companies to join this market.
Recommended by Our Editors
Google’s Threat Analysis Group posted a report on Tuesday that said the firm’s security researchers are now tracking some 40 commercial spyware vendors (CSVs) that market these hacking toolkits to a list of countries that includes not just the usual authoritarian subjects but also democracies like Greece and Spain. The finely segmented pricing recounted in the report—for example, €8 million to run 10 concurrent spyware implants on Android and iOS devices, with a €3 million surcharge to have them persist through phone restarts—can evoke the spectrum of surcharges at a cable provider. But there’s nothing funny about the way these vendors have become as prolific as nation-state attackers at finding zero-day vulnerabilities to exploit. The report estimates that of 72 in-the-wild zero-days targeting Google products since the middle of 2014, 35 came from commercial spyware vendors. And that, the report warns, is “a lower bounds estimate” because it can’t factor in exploits that researchers haven’t detected or haven’t been able to attribute to any one attacker.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
