Researchers from the University of Toronto's outstanding Citizen Lab (previously) have published their latest research on the notorious and prolific Israeli cyber-arms-dealer The NSO Group (previously), one of the world's go-to suppliers for tools used by despots to spy on dissidents and opposition figures, often as a prelude to their imprisonment, torture and murder. Read the rest

Securus is the widely abused location-tracking tool that exploits a loophole in privacy law to allow police to extract realtime and historical cellphone location data without a warrant or any accountability. Read the rest

Since 2016, when an FBI agent first used a dead suspect's finger to unlock his phone, police forces across the USA have made a routine practice of unlocking phones using suspects and victims' dead fingers, saving big on buying cyberwar tools like Cellebrite's $1500-$3000 unlocker, or Grayshift's $30k/year Graykey. Read the rest

Public records requests have revealed that on at least four occasions, the Raleigh-Durham police obtained warrants forcing Google to reveal the identities of every mobile user within acres of a crime scene, sweeping up the personal information of thousands of people in a quest to locate a single perp. Read the rest

Israeli security research firm CTS-Labs has published a white paper detailing nine flaws in AMD processors that they claim leave users open to devastating attacks with no mitigation strategies; these attacks include a range of manufacturer-installed backdoors. Read the rest

Grey Heron is a new cyber-arms dealer offering to sell hacking tools to governments; it is fronted by Eric Rabe, who previously represented the disgraced, hacked Italian malware company Hacking Team, notorious for selling spy tools to governments that used them to target dissidents who were tortured and murdered after they were outed. Read the rest

The epidemic of cryptojacking malware isn't merely an outgrowth of the incentive created by the cryptocurrency bubble -- that's just the motive, and the all-important the means and opportunity were provided by the same leaked NSA superweapon that powered last year's Wannacry ransomware epidemic. Read the rest

A pair of researchers have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable. Read the rest

Flexispy is the creepy stalkerware advertised to abusive spouses and exes that Motherboard's Joseph Cox has been relentlessly tracking; when he acquired a leaked trove of the company's files, he started to mine it to see who was buying the potentially illegal app. Read the rest

Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious." Read the rest

Self-driving cars require incredibly accurate, up-to-date maps; in China, only Chinese companies will be able to make these maps. Nominally, this is about preventing espionage, but it also has the non-coincedental effect of forcing foreign autonomous vehicle companies to partner with (much more easily controlled) Chinese firms, a policy already in place for traditional auto manufacturing. Read the rest

Back in 2015, Canada's failing, doomed Conservative government introduced Bill C-51, a far-reaching mass surveillance bill that read like PATRIOT Act fanfic; Justin Trudeau, leader of what was then a minority opposition party, whipped his MPs to vote for it, allowing it to pass, and cynically admitting that he was only turning this into law because he didn't want to give the Conservatives a rhetorical stick to beat him with in the next election -- he promised that once he was Prime Minister, he'd fix it. Read the rest

Rodney Brooks -- eminent computer scientist and roboticist who has served as head of MIT's Computer Science and Artificial Intelligence Laboratory and CTO of Irobot -- has written a scorching, provocative list of the seven most common errors made (or cards palmed) by pundits and other fortune-tellers when they predict the future of AI. Read the rest

Zerodium is a cyber-arms dealer that produces hacking tools for governments by buying up newly discovered defects in widely used systems, weaponizing them and then selling them to be used against criminals, activists, journalists and other targets of state surveillance. Read the rest

Cloudflare's joint research with "a large e-commerce site" and Mozilla found that between 4-10% of secure, encrypted web connections are "intercepted," largely by corporate antivirus software that inserts its own certificates into users' browsers, allowing it to scan all traffic entering workers' computers. Read the rest

It's been a year since the Ugandan government placed an order with a South Korean company for a "censor gadget or machine" that would "detect homos and porn actors, especially those misusing applications like Whatsapp with sex acts." Now, they've taken delivery of same. Read the rest

In July 2016, Andrew "bunnie" Huang and Edward Snowden presented their research on journalist-friendly mobile surveillance resistance at the first MIT Media Lab Forbidden Research conference; a little over a year later, they have published an extensive scholarly paper laying out the problems of detecting and interdicting malware in a mobile device, and presenting a gorgeously engineered hardware overlay that can be installed in an Iphone to physically monitor the networking components and report on their activity via a screen on a slim external case. Read the rest