Joel Trenaman: The Canadian lab that revealed critical flaw that left Apple devices vulnerable

Citizen Lab Identified Flaw That Made Apple Devices Vulnerable to Zero-Click Hack

Content of the article

On November 23, Apple announced that it was suing a global software developer over a security breach that left its operating systems vulnerable to surveillance. In September, Apple rushed to release a protection patch for 1.65 billion reported devices that were vulnerable to the infamous Pegasus spyware from the NSO Group. How did Apple find out that it had been hacked? The Citizen Lab of Canada has sounded the alarm.


Content of the article

NSO Group has licensed Pegasus to the military, as well as intelligence and law enforcement agencies around the world. Citizen Lab has identified a flaw that made Apple devices vulnerable to a zero-click hack, in which malicious code can be implanted on a device without any user action, which Pegasus had exploited.

Citizen Lab is an interdisciplinary human rights, security and technology research group founded in 2001. Part of the Munk School of Global Affairs and Public Policy at the University of Toronto, the lab focuses on digital espionage, online freedom of expression, application privacy, and the security and uses of personal data and surveillance tools.

The U of T group is not alone among Canadian private academic and institutional research groups, like the Cyber ​​Security Evaluation and Assurance Research Lab at Carleton University, which explores ways to protect the Canada’s critical infrastructure against cyber attacks. The SecDev Foundation, the Waterloo Cybersecurity and Privacy Institute, the Canadian Institute for Cyber ​​Security at the University of New Brunswick and others also operate in this space.


Content of the article

What sets Citizen Lab apart is its focus on action at the confluence of public policy, rights, freedoms and cybersecurity. One of the reasons for this diverse approach is the experience and skills of its director and founder, Ron Deibert, who was first trained as a professor of political science, and not as a programmer or technical assistant.

The lab has a long history of uncovering digital threats like the Apple attack. In recent months, he has also made headlines for speaking out against the use of Pegasus against New York Times bureau chief Ben Hubbard and for a report analyzing how health data has been used in the fight against COVID-19.

In today’s polarized world, another great thing for Citizen Lab is that it is difficult to detect overt ideological or political biases. For example, its researchers thoroughly investigated both the hacking of Palestinian militants’ cellphones earlier this month (also via Pegasus) and what he dubbed, in 2019, “Endless Mayfly” – “a Iran-aligned network of inauthentic social media characters and accounts. which spreads lies and amplifies critical narratives of Saudi Arabia, the United States and Israel.


Content of the article

Here at home, Citizen Lab has been fearless to apply the same impartial approach and the same detailed critiques to Canadian public policy. For example, he spoke out against the many forms of Chinese censorship, but went against the grain with a general conclusion on 5G that “Canada does not have a ‘Huawei problem’ per se. “

In September, in response to the federal Liberal government’s online prejudice bill (Bill C-36, which was at least temporarily scuttled by the election), Citizen Lab wrote a scathing submission to the Heritage Department, in which he called what he saw as an “inadequate” consultation process and an approach that will lead to “disproportionate levels of user censorship.”


Content of the article

He then described the draft regulation as “an aggressive, algorithmic and punitive regime for the removal of content … without any consideration of substantive equality or clear guarantees against abuse of process”. The authors also point to powers that “would explicitly delegate technology companies to the surveillance and policing of their users on behalf of Canadian law enforcement and intelligence agencies.”

This is the kind of smart contribution to policy making that is desperately needed in the current vacuum at the federal level. Governments around the world are struggling to meaningfully protect privacy and reduce disinformation, without limiting speech, overstretching oversight, or limiting reasonable business interests. Yet governments simply do not have the cutting edge technological expertise found in commerce or in the private sector and civil society. This is where an organization like Citizen Lab can play a major and forward-looking role.


Content of the article

Deibert told The Globe and Mail in 2019 that the aforementioned Operation Mayfly “may be a sign of things to come at a time when unsuspecting readers increasingly fall prey to distant factions to manipulate public discourse with disinformation disseminated through social media. “

Sound familiar here in 2021? There is no end in sight to social media manipulation, state espionage, ransomware attacks and the like, and ideas like an international cyber weapons control treaty seem ludicrous in the face of the power of the actors. non-state. Now more than ever, we need independent and expert NGOs like Citizen Lab to identify and expose threats in the digital world.

National post

The big problems are far from over. Subscribe to the NP Comment, NP Platformed newsletter.

  1. Nothing

    Matt Gurney: Cyberattack on Newfoundland’s health care system should be a wake-up call to Canadians

  2. Nothing

    John Chen: Make cybersecurity a priority in 2021


  1. Gift guide: 30 beauty boxes to end this season

    From skin care samplers to full-fledged mega makeup kits, here are the most dazzling holiday gift sets covering makeup, skin care, hair care and more.

    The holiday season is full of beauty goodies.
  2. Glam is back with a vengeance this holiday season

    After more than 18 months of fading colors and hiding lips, people are starting to relax and come alive again – and experimenting with new looks and styles.

    Glam is back with a vengeance and ...
  3. Advertising

  4. Best Buy Cyber ​​Weekend Deals Canada 2021

    Your go-to destination for the latest Best Buy Cyber ​​Weekend deals

    If you're waiting to hear all about Best Buy's Black Friday deal, stick around.  We'll have you covered.
  5. Best Cyber ​​Weekend Deals in Canada 2021

    Your go-to source for all the best Black Friday deals: tech, toys, fashion, mattresses, beauty, wellness, travel and more

    Prepare for the Black Friday sales.  Coming soon.
  6. Beauty Bar: Dior Makeup The Holiday collection L’Atelier des Rêves

    Special holiday makeup from the French brand Dior.

    Dior Atelier of Dreams 5 Couleurs Couture eyeshadow palette at Atelier Doré.


Postmedia is committed to maintaining a lively but civil discussion forum and encourages all readers to share their views on our articles. Comments may take up to an hour of moderation before appearing on the site. We ask that you keep your comments relevant and respectful. We have enabled email notifications. You will now receive an email if you receive a reply to your comment, if there is an update to a comment thread that you follow, or if a user that you follow comments. Check out our community guidelines for more information and details on how to adjust your email settings.

About Georgia Duvall

Check Also

AnyClip Selected by Aragon Research as “Hot Vendor” in Collaboration Software for 2022

AI-powered visual intelligence platform enables video-based collaboration for the hybrid workforce NEW YORK, June 14, …