Paragon spyware deployed against journalists and activists, Citizen Lab claims
Infosec newsbytes

Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen Lab report claims its software has been used to target journalists, activists, and other civilians.
Paragon Solutions was co-founded in 2019 by former Israeli Prime Minister Ehud Barak and Ehud Schneorson, a former commander of signals intelligence agency Unit 8200. Its flagship spyware, Graphite, is pitched as a more restrained alternative to NSO Group’s Pegasus, as it allows surveillance of messaging apps without taking full control of a target’s phone, according to the lab’s write-up.
Citizen Lab at the University of Toronto, Canada, shared technical details of Paragon’s infrastructure with Meta so that WhatsApp could identify and block a zero-click exploit used by Paragon to inject its spyware into a victim’s device without that target having to touch anything. WhatsApp later notified 90 or so users, including journalists and civil society members, who were believed to have been targeted with Paragon’s spyware.
“For journalists, human rights defenders, academics, and other members of civil society, we strongly recommend working with trusted experts to counter the risk of such attacks,” the Meta business unit warned.
Citizen Lab identified several Italian WhatsApp users targeted by Paragon’s spyware, including Francesco Cancellato, editor-in-chief of investigative outlet Fanpage.it. Luca Casarini and Giuseppe Caccia, co-founders of Mediterranea Saving Humans, a group known for rescuing migrants in the Mediterranean and criticizing the Meloni government’s immigration policies, were also allegedly targeted.
And it’s said the governments of Australia, Canada, Singapore, Cyprus, and Denmark, as well as Israel, are among Paragon’s customers.
Parental control spyware customer data leaks
SpyX, an outfit which markets itself as providing “the best phone monitoring software for parental control,” has suffered a security breach in which people’s data was stolen from it, TechCrunch reported this week.
SpyX’s stalkerware app offers features including keylogging, call and SMS tracking, and social media monitoring. The tables turned after a cyber-heist in June 2024 put nearly two million accounts’ details at the fingertips of miscreants, according to Have I Been Pwned, which has now added the SNAFU to its security breach alert system.
The stolen data included email addresses, device information, geographic locations, IP addresses, and some passwords. SpyX did not respond to requests for comment, but according to Troy Hunt, who runs Have I Been Pwned, the privacy breach also exposed nearly 300,000 accounts linked to SpyX clones Msafely and SpyPhone.
It’s not the first stalkerware outfit to be burned by a cyber-attack. Last July, mSpy – a spyware app marketed as a parental control tool that tracks calls, messages, and locations – had info on about 2.4 million customers stolen from it.
Leaks like these can be fatal to such businesses. LetMeSpy, another Android stalkerware vendor, shut down in 2023 after being ransacked. An outfit called pcTattletale suffered the same fate the following year.
US military confirms there’s no direct F-35 kill switch
The US military has denied claims that it built a secret on-off “kill switch” into its F-35 fifth-generation fighter jet. The primary contractor for the plane is American aerospace giant Lockheed Martin, which works with partners on the program.
“There is no ‘kill switch,’” a Dept of Defense spokesperson told The Register. “The F-35 was conceived, developed, and continues to be operated and sustained as a joint/coalition platform, built on strong partnerships with US allies and partner nations across the globe.
“The program operates under well-established agreements that ensure all F-35 operators have the necessary capabilities to sustain and operate their aircraft effectively. The F-35 program will continue to provide all F-35 stakeholders with lethal, warfighting capability to deter, defend, and defeat aggression against any adversary.”
The claim of a hidden way to completely disable the F-35 on demand, from afar, was made by a German arms dealer. Concerns among what were once American allies about possible remote control over US-made weapons have grown, particularly after military aid to Ukraine was briefly suspended.
The idea of building a kill switch is nonsensical from a security standpoint. No backdoor is undiscoverable and there’s no way that the US would include a remote off-switch that could be used by an adversary.
That said, the F-35 is heavily dependent on software, and if those updates were to stop coming through, the planes would still fly but become increasingly vulnerable to enemy defenses. Cutting off that code and data would be a sort-of kill switch.
On top of that, the aircraft needs maintenance parts and work, and if that’s restricted or hampered, the thing becomes, shall we say, rather less useful. ®