The threat analysis group led by the Redmond firm has urged governments to take necessary action against surveillance companies that allow their customers to abuse spyware with impunity.
At the beginning of February, Google published a report highlighting the increase in commercial spyware, and castigating surveillance companies, which the firm presents as a threat to press freedom, free expression and neutrality. of the Internet. The study, conducted by the multinational’s Threat Analysis Group (TAG), also reveals that this spyware is mainly developed in Europe on behalf of governments, and responsible for exploiting more than half of 0-day vulnerabilities discoveries in the Google and Android ecosystems.
Zero-day exploits for Big Tech products
In a public report titled “Buying Spyware: An In-Depth Report on Surveillance Software Vendors,” Google’s Threat Analysis Group (TAG) revealed that it had closely studied the practices of around 40 companies specializing in the marketing of surveillance software (Commercial Surveillance Vendors, CSV). We learn in particular that in addition to cybersecurity companies well known to the general public, such as NSO group, there are dozens of more confidential CSVs, but playing an equally important role in the development and sale of spyware. This is for example the case of Variston, a Barcelona startup extremely discreet about its profile and its activities, responsible for the exploitation of four zero-day vulnerabilities on Google products (including Android), but also of a flaw on Firefox and three flaws in Apple services (WebKit and iOS).
In total, since 2014, the TAG has spotted 72 zero-day exploits in Google products and services, 35 of which were marketed by CSVs. For the year 2023 alone, 20 of the 24 actively exploited vulnerabilities were using tools developed by these monitoring software publishers. Figures which only reflect the tip of the iceberg, according to the Redmond firm, to the extent that the TAG saw fit to only count the exploits of which it was certain of the authorship. The number of vulnerabilities exploited would in reality be much higher, both concerning Google products, but also other companies like Apple or Mozilla.
A major risk for individual and collective freedoms
If we can understand Google’s annoyance with CSVs allowing it to exploit critical flaws in its products and services, the practices of spyware publishers raise far more serious issues concerning surveillance abuses. individual towards mass surveillance.
Still in its report, the TAG insists on the fact that the technologies developed by CSVs, and marketed to governments around the world under the guise of fighting crime and terrorism, are increasingly used to track down those that Google calls “high-risk profiles”, namely journalists, political opponents, human rights defenders. Deadly mechanisms for the public speaking and engagement of these users, with an essential role in the preservation of democracies. Clearly, the proliferation of tools for monitoring and exploiting zero-day vulnerabilities seriously threatens press freedom, free expression and web neutrality, especially when this software is massively provided by private companies to States, and undetectable by antiviruses.
Even more serious: the propensity of CSVs to develop exploits on consumer products and devices, such as Android or iOS, outlines the contours of insidious mass surveillance against which Google intends to fight. In addition to the set of measures taken by the web giant (regular deployment of security patches, sharing of intelligence strategies and fixes with its competitors, active communication regarding disrupted operations, VRP rewards program, etc.), Google has urges governments to take the threat of organizing collective action and a concerted international effort to effectively stem the threat posed by the spyware market.
See the offer
9.5
- Excellent feature/subscription price ratio
- Flawless efficiency of the service
- Light impact on performance
Bitdefender continues the momentum of previous versions with continued efficiency. To detect and block any type of threat coming from the Internet, the suite is flawless. There are no false positives to report, and it has no significant impact on Windows performance. The software protects your computer flawlessly, therefore. Compared to previous versions, we regret some interface choices which lean too much towards the general public, even if we always salute the didactic effort of the publisher. Bitdefender’s suite is undoubtedly one of the best security suites for Windows to protect your files, at an attractive price for purchasing the subscription. It is also available on Apple and Android systems.
Bitdefender continues the momentum of previous versions with continued efficiency. To detect and block any type of threat coming from the Internet, the suite is flawless. There are no false positives to report, and it has no significant impact on Windows performance. The software protects your computer flawlessly, therefore. Compared to previous versions, we regret some interface choices which lean too much towards the general public, even if we always salute the didactic effort of the publisher. Bitdefender’s suite is undoubtedly one of the best security suites for Windows to protect your files, at an attractive price for purchasing the subscription. It is also available on Apple and Android systems.
Source : Google
I dismantle, I reassemble, I repair, I tinker, I experiment, I divert, I shape, I start again. Determined, nothing electrifies me more than spending hours trying to understand the why and the how, until it works. If I'm not behind my screen testing software or writing about Silicon Valley, you'll find me in the vegetable garden configuring a connected irrigation circuit, powered by solar energy.
Read other articles
3