More stories

  • in

    Zero-click iOS zero-day found deployed against Al Jazeera employees

    At least 36 Al Jazeera journalists, producers, anchors, and executives, along with a journalist at London-based Al Araby TV, had their iPhones hacked using a no-user-interaction zero-day vulnerability in the iOS iMessage app, an academic research group said today.

    Citizen Lab, a cybersecurity and human rights abuse research group at the University of Toronto, said the zero-day was part of an exploit chain named Kismet that was created and sold by NSO Group, a well-known vendor of spyware and surveillance products.
    Researchers claim NSO sold the Kismet hacking tool to at least four entities, who used it in July and August 2020 to hack the personal iPhones of 36 Al Jazeera reporters from all over the globe.
    The Citizen Lab team believes it identified two of the four buyers in Saudi Arabia and the United Arab Emirates, linking the activity to two groups the organization has been tracking as Monarchy and Sneaky Kestrel.
    Subsequent investigations discovered that the attacks had been going on since at least October 2019.
    At the time the attacks were discovered, Citizen Lab said the Kismet exploit tool worked against Apple’s latest devices (i.e., iPhone 11 devices running iOS 13.5.1).
    The zero-day stopped working this fall when Apple released iOS 14, which shipped with several security feature enhancements.

    The academic research group notified Apple of the attacks, and said the OS maker was now investigating the report.
    Regional politics and zero-days
    Reached for comment today, December 20, an NSO Group spokesperson called the report “speculation” that lacked any evidence “supporting a connection to NSO.”
    The company said it only sells surveillance tools to law enforcement agencies and that it is unable to determine what its customers do with its tools.
    Citizen Lab has previously published multiple reports claiming that NSO-developed hacking tools have been used outside the scope of law enforcement investigations to track political rivals, dissidents, journalists, clergy, and activists in countries such as Morocco, Mexico, Saudi Arabia, Togo, Spain, the UAE, and others.
    Al Jazeera, a Qatar-based news agency, is believed to have been targeted due to the strained political relations between Qatar and neighboring countries.
    In 2017, four states (Saudi Arabia, the United Arab Emirates, Bahrain, and Egypt) cut off official diplomatic relations with Qatar, and Al Jazeera has published several reports critical of the four countries ever since. Its website is blocked in two of the four states — Saudi Arabia and the UAE.
    The full 5,000-word Citizen Lab report on the Kismet exploit chain and iOS zero-day is available here.

  • in

    Apple: Here's how to secure an iPhone or Apple ID 'when personal safety is at risk'

    Today I was made aware of a document published by Apple that might really help someone out of a jam, so you should bookmark it for future reference. 
    Titled “Device and Data Access when Personal Safety is At Risk,” this document highlights the steps that an Apple user can work through if they believe that their Apple ID has been compromised, or if they want to rescind access to information that they previously shared with someone, such as an ex or a family member.

    As you’d expect, it’s a very in-depth document, covering subjects ranging from how to secure a device and Apple ID to how to check and, if needed, rescind any data you’ve previously shared with someone else.
    There are also three very useful checklists:
    If you want to see if anyone else has access to your device or accounts
    If you want to stop sharing with someone whom you previously shared with
    If you want to make sure no one else can see your location
    This document is a great resource, and worth sharing on social media — you never know, someone might be looking for this information — and keep a link to the document for future reference.

  • in

    Firefox to ship 'network partitioning' as a new anti-tracking defense

    Firefox 85, scheduled to be released next month, in January 2021, will ship with a feature named Network Partitioning as a new form of anti-tracking protection.


    The feature is based on “Client-Side Storage Partitioning,” a new standard currently being developed by the World Wide Web Consortium’s Privacy Community Group.
    “Network Partitioning is highly technical, but to simplify it somewhat; your browser has many ways it can save data from websites, not just via cookies,” privacy researcher Zach Edwards told ZDNet in an interview this week.
    “These other storage mechanisms include the HTTP cache, image cache, favicon cache, font cache, CORS-preflight cache, and a variety of other caches and storage mechanisms that can be used to track people across websites.”
    Edwards says all these data storage systems are shared among websites.
    The difference is that Network Partitioning will allow Firefox to save resources like the cache, favicons, CSS files, images, and more, on a per-website basis, rather than together, in the same pool.
    This makes it harder for websites and third-parties like ad and web analytics companies to track users since they can’t probe for the presence of other sites’ data in this shared pool.
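
The difference between a shared and a per-website cache can be shown with a toy model. This is an added example, not Firefox code; the `HttpCache` class, the `replay` helper, and the `*.example` URLs are constructed for illustration, and the top-level site is passed in as a plain string.

```javascript
// Toy model of a browser HTTP cache (constructed for illustration; not Firefox code).
class HttpCache {
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.entries = new Set();
  }

  // Shared cache: the key is the resource URL alone.
  // Partitioned cache: the key also includes the top-level site the user is on.
  cacheKey(topLevelSite, resourceUrl) {
    return this.partitioned ? `${topLevelSite}|${resourceUrl}` : resourceUrl;
  }

  // Returns "hit" if the resource is already cached under this key,
  // otherwise stores it and returns "miss" (a network fetch).
  load(topLevelSite, resourceUrl) {
    const key = this.cacheKey(topLevelSite, resourceUrl);
    if (this.entries.has(key)) return "hit";
    this.entries.add(key);
    return "miss";
  }
}

// Constructed browsing session: the same third-party font is embedded on two sites.
const FONT = "https://fonts.example/roboto.woff2";
const SESSION = [
  ["https://news.example", FONT], // first visit, always a miss
  ["https://shop.example", FONT], // different site, same resource
  ["https://news.example", FONT], // return visit to the first site
];

// Replays the session against a fresh cache and returns the hit/miss sequence.
function replay(partitioned, session = SESSION) {
  const cache = new HttpCache(partitioned);
  return session.map(([site, url]) => cache.load(site, url));
}

console.log("shared:     ", replay(false)); // [ 'miss', 'hit', 'hit' ]
console.log("partitioned:", replay(true));  // [ 'miss', 'miss', 'hit' ]
```

In the shared cache, the hit on the second site is the observable signal that the resource was loaded elsewhere earlier. With partitioning that load becomes a miss, which is also why a shared font has to be fetched again per site, while the return visit to the first site still hits.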

    According to Mozilla, the following network resources will be partitioned starting with Firefox 85:
    HTTP cache 
    Image cache 
    Favicon cache 
    Connection pooling 
    StyleSheet cache 
    DNS 
    HTTP authentication 
    Alt-Svc 
    Speculative connections 
    Font cache 
    HSTS 
    OCSP 
    Intermediate CA cache 
    TLS client certificates 
    TLS session identifiers 
    Prefetch 
    Preconnect 
    CORS-preflight cache 
    But while Mozilla will be deploying the broadest user data “partitioning system” to date, the Firefox creator isn’t the first.
    Edwards said the first browser maker to do so was Apple, in 2013, when it began partitioning the HTTP cache, and then followed through by partitioning even more user data storage systems years later, as part of its Tracking Prevention feature.
    Google also partitioned the HTTP cache last month, with the release of Chrome 86, and the results began being felt right away, as Google Fonts lost some of its performance metrics as it couldn’t store fonts in the shared HTTP cache anymore.
    The Mozilla team expects similar performance issues for sites loaded in Firefox, but it’s willing to take the hit just to improve the privacy of its users.
    “Most policy makers and digital strategists are focused on the death of the 3rd party cookie, but there are a wide variety of other fingerprinting techniques and user tracking strategies that need to be broken by browsers,” Edwards also told ZDNet, lauding Mozilla’s move.
    PS: Mozilla also said that a side-effect of deploying Network Partitioning is that Firefox 85 will finally be able to block “supercookies” better, a type of browser cookie file that abuses various shared storage mediums to persist in browsers and allow advertisers to track user movements across the web.