US Issues Warning Over Commercial Spyware

US government security experts have issued new guidance for possible targets of commercial spyware on protecting themselves from unwarranted surveillance.

“Some governments are using commercial surveillance software to target dissidents, journalists & others around the globe who they perceive as critics,” warned the US National Counterintelligence and Security Center (NCSC) in a Twitter post.

“Commercial surveillance tools are also being used in ways that pose a serious counterintelligence and security risk to US personnel and systems.”

The notice explained that the spyware is being deployed to target mobile and other internet-connected devices using Wi-Fi and cellular data connections.

“In some cases, malign actors can infect a targeted device with no action from the device owner. In others, they can use an infected link to gain access to a device,” it said.

Issued jointly by the NCSC and State Department, the guidance document warned that spyware could monitor phone calls, device locations and virtually any content on a device, including text messages, files, chats, messaging app content, contacts and browsing history.

Among the advice for potential targets was to update software regularly, never click on links in unsolicited messages, encrypt and password-protect devices and regularly restart devices to help remove malware implants.

The note also urged individuals to only use trusted VPNs, disable geolocation features and cover the camera.

The guidance comes just weeks after it was revealed that nine State Department staffers had their iPhones remotely hacked by spyware from controversial surveillance firm NSO Group.

The notorious Pegasus malware was used to snoop on the employees, who were either based in Uganda or working on projects concerning the African country.

The Biden administration is cracking down on the activities of commercial spyware providers.

In November, the Treasury put NSO Group on its Entity List – an export blocklist that will make it harder for the firm to get hold of American components or work with US partners.

What’s Hot on Infosecurity Magazine?