Today, the Threat Analysis Group revealed new information about its efforts to identify and help patch a zero-day exploit, built by a commercial surveillance vendor, that impacted Android devices. According to the researchers, the research presented at the Black Hat conference in Las Vegas is the latest attempt by Google to step up its efforts against a growing private surveillance industry. The Linux operating system's core piece of software was vulnerable to a zero-day exploit. The attackers used an exploit chain to gain control of users' devices. There are a number of zero-day exploits attributed to the developer of the platform. The vendor used several novel and previously unseen exploitation techniques in this instance. The vendor is well funded, according to the spokesman.
The exploit was reported on the Linux Kernel Mailing List before the vulnerability was patched. The Linux Foundation rejected the patch that was offered. There was a disagreement in the public Linux kernel email thread over whether or not to implement the patch.
One developer wrote, "Why would I apply a patch that doesn't have a proper commit message, lacks a proper sign off, and also lacks ACK's and feedback from other developers?"
In response to the increase in the number of attacks, Google has increased its efforts to spot and identify the groups. The growth of commercial spyware vendors and hack-for-hire groups has necessitated growth in TAG, according to testimony delivered to the House Intelligence Committee.
According to Huntley, his team has found that advanced commercial spyware firms, like Israel-based NSO Group, have been able to acquire hacking capabilities once reserved for the world's most advanced state-sponsored intelligence agencies. The use of those techniques, which can include zero-click exploits that take over a device potentially without a user ever engaging with malicious content, seems to be increasing and is being carried out at the request of governments. Huntley's team discovered nine zero-day exploits last year, seven of which were developed by commercial providers. The highest bidder can now purchase highly technical techniques that were only available to a select group of countries.
These vendors enable the proliferation of dangerous hacking tools, as well as nation-state actors that would not otherwise be able to develop these capabilities in-house. Use of surveillance technologies may be legal under national or international laws, but some state actors have been found to use them to target dissidents, journalists, human rights workers, and opposition party politicians.
The industry appears to be doing well, Huntley said.
Lucas Ropek made a report.