Joel Trenaman: The Canadian lab that revealed critical flaw that left Apple devices vulnerable

Content of the article

On November 23, Apple announced that it was suing a global software developer over a security breach that left its operating systems vulnerable to surveillance. In September, Apple rushed to release a protection patch for 1.65 billion reported devices that were vulnerable to the infamous Pegasus spyware from the NSO Group. How did Apple find out that it had been hacked? The Citizen Lab of Canada has sounded the alarm.

Content of the article

NSO Group has licensed Pegasus to the military, as well as intelligence and law enforcement agencies around the world. Citizen Lab has identified a flaw that made Apple devices vulnerable to a zero-click hack, in which malicious code can be implanted on a device without any user action, which Pegasus had exploited.

Citizen Lab is an interdisciplinary human rights, security and technology research group founded in 2001. Part of the Munk School of Global Affairs and Public Policy at the University of Toronto, the lab focuses on digital espionage, online freedom of expression, application privacy, and the security and uses of personal data and surveillance tools.

The U of T group is not alone among Canadian private academic and institutional research groups, like the Cyber ​​Security Evaluation and Assurance Research Lab at Carleton University, which explores ways to protect the Canada’s critical infrastructure against cyber attacks. The SecDev Foundation, the Waterloo Cybersecurity and Privacy Institute, the Canadian Institute for Cyber ​​Security at the University of New Brunswick and others also operate in this space.

Content of the article

What sets Citizen Lab apart is its focus on action at the confluence of public policy, rights, freedoms and cybersecurity. One of the reasons for this diverse approach is the experience and skills of its director and founder, Ron Deibert, who was first trained as a professor of political science, and not as a programmer or technical assistant.

The lab has a long history of uncovering digital threats like the Apple attack. In recent months, he has also made headlines for speaking out against the use of Pegasus against New York Times bureau chief Ben Hubbard and for a report analyzing how health data has been used in the fight against COVID-19.

In today’s polarized world, another great thing for Citizen Lab is that it is difficult to detect overt ideological or political biases. For example, its researchers thoroughly investigated both the hacking of Palestinian militants’ cellphones earlier this month (also via Pegasus) and what he dubbed, in 2019, “Endless Mayfly” – “a Iran-aligned network of inauthentic social media characters and accounts. which spreads lies and amplifies critical narratives of Saudi Arabia, the United States and Israel.

Content of the article

Here at home, Citizen Lab has been fearless to apply the same impartial approach and the same detailed critiques to Canadian public policy. For example, he spoke out against the many forms of Chinese censorship, but went against the grain with a general conclusion on 5G that “Canada does not have a ‘Huawei problem’ per se. “

In September, in response to the federal Liberal government’s online prejudice bill (Bill C-36, which was at least temporarily scuttled by the election), Citizen Lab wrote a scathing submission to the Heritage Department, in which he called what he saw as an “inadequate” consultation process and an approach that will lead to “disproportionate levels of user censorship.”

Content of the article

He then described the draft regulation as “an aggressive, algorithmic and punitive regime for the removal of content … without any consideration of substantive equality or clear guarantees against abuse of process”. The authors also point to powers that “would explicitly delegate technology companies to the surveillance and policing of their users on behalf of Canadian law enforcement and intelligence agencies.”

This is the kind of smart contribution to policy making that is desperately needed in the current vacuum at the federal level. Governments around the world are struggling to meaningfully protect privacy and reduce disinformation, without limiting speech, overstretching oversight, or limiting reasonable business interests. Yet governments simply do not have the cutting edge technological expertise found in commerce or in the private sector and civil society. This is where an organization like Citizen Lab can play a major and forward-looking role.

Content of the article

Deibert told The Globe and Mail in 2019 that the aforementioned Operation Mayfly “may be a sign of things to come at a time when unsuspecting readers increasingly fall prey to distant factions to manipulate public discourse with disinformation disseminated through social media. “

Sound familiar here in 2021? There is no end in sight to social media manipulation, state espionage, ransomware attacks and the like, and ideas like an international cyber weapons control treaty seem ludicrous in the face of the power of the actors. non-state. Now more than ever, we need independent and expert NGOs like Citizen Lab to identify and expose threats in the digital world.

National post

The big problems are far from over. Subscribe to the NP Comment, NP Platformed newsletter.