Connect with us

Tech

It Seemed Like a Popular App. But It’s Secretly an Emirati Spy Tool – News18

Published

 on


Washington: It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.

But the service, ToTok, is actually a spying tool, according to US officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the US last week, according to app rankings and App Annie, a research firm.

ToTok amounts to the latest escalation in a digital arms race among wealthy authoritarian governments, interviews with current and former US foreign officials and a forensic investigation showed. The governments are pursuing more effective and convenient methods to spy on foreign adversaries, criminal and terrorist networks, journalists and critics — efforts that have ensnared people all over the world in their surveillance nets.

Persian Gulf nations like Saudi Arabia, the Emirates and Qatar previously turned to private firms — including Israeli and U.S. contractors — to hack rivals and, increasingly, their own citizens. The development of ToTok, experts said, showed that the governments can cut out the intermediary to spy directly on their targets, who voluntarily, if unwittingly, hand over their information.

A technical analysis and interviews with computer security experts showed that the firm behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm where Emirati intelligence officials, former National Security Agency employees and former Israeli military intelligence operatives work. DarkMatter is under FBI investigation, according to former employees and law enforcement officials, for possible cybercrimes. The U.S. intelligence assessment and the technical analysis also linked ToTok to Pax AI, an Abu Dhabi-based data mining firm that appears to be tied to DarkMatter.

Pax AI’s headquarters operate from the same Abu Dhabi building as the Emirates’ signals intelligence agency, which until recently was where DarkMatter was based.

The UAE is one of America’s closest allies in the Middle East, seen by the Trump administration as a bulwark against Iran and a close counterterrorism partner. Its ruling family promotes the country as an example of a modern, moderate Arab nation, but it has also been at the forefront of using surveillance technology to crack down on internal dissent — including hacking Western journalists, emptying the banking accounts of critics, and holding human rights activists in prolonged solitary confinement over Facebook posts.

The government blocks specific functions of apps like WhatsApp and Skype, a reality that has made ToTok particularly appealing in the country. Huawei, the Chinese telecom giant, recently promoted ToTok in advertisements.

Spokesmen for the CIA and the Emirati government declined to comment. Calls to a phone number for Breej Holding rang unanswered, and Pax employees did not respond to emails and messages. An FBI spokeswoman said that “while the FBI does not comment on specific apps, we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose.”

When The Times initially contacted Apple and Google representatives with questions about ToTok’s connection to the Emirati government, they said they would investigate. On Thursday, Google removed the app from its Play store after determining ToTok violated unspecified policies. Apple removed ToTok from its App Store on Friday and was still researching the app, a spokesman said. ToTok users who already downloaded the app will still be able to use it until they remove it from their phones.

It was unclear when U.S. intelligence services first determined that ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that U.S. officials have warned some allies about its dangers. It is not clear whether U.S. officials have confronted their counterparts in the Emirati government about the app. One digital security expert in the Middle East, speaking on the condition of anonymity to discuss powerful hacking tools, said that senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.

ToTok appears to have been relatively easy to develop, according to a forensic analysis performed for The Times by Patrick Wardle, a former NSA hacker who works as a private security researcher. It appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences.

ToTok is a cleverly designed tool for mass surveillance, according to the technical analysis and interviews, in that it functions much like the myriad other Apple and Android apps that track users’ location and contacts.

On the surface, ToTok tracks users’ location by offering an accurate weather forecast. It hunts for new contacts any time a user opens the app, under the pretense that it is helping connect with their friends, much like how Instagram flags Facebook friends. It has access to users’ microphones, cameras, calendar and other phone data. Even its name is an apparent play on the popular Chinese app TikTok.

Though billed as “fast and secure,” ToTok makes no claim of end-to-end encryption, like WhatsApp, Signal or Skype. The only hint that the app discloses user data is buried in the privacy policy: “We may share your personal data with group companies.”

So instead of paying hackers to gain access to a target’s phone — the going rate is up to $2.5 million for a hacking tool that can remotely access Android phones, according to recent price lists — ToTok gave the Emirati government a way to persuade millions of users to hand over their most personal information for free.

“There is a beauty in this approach,” said Wardle, now a security researcher at Jamf, a software company. “You don’t need to hack people to spy on them if you can get people to willingly download this app to their phone. By uploading contacts, video chats, location, what more intelligence do you need?”

In an intelligence-gathering operation, Wardle said, ToTok would be Phase 1. Much like the NSA’s bulk metadata collection program — which was quietly shut down this year — ToTok allows intelligence analysts to analyze users’ calls and contacts in search of patterns, though its collection is far more invasive. It is unclear whether ToTok allows the Emiratis to record video or audio calls of its users.

Each day, billions of people freely forgo privacy for the convenience of using apps on their phones. The Privacy Project by the Times’ Opinion section published an investigation last week revealing how app makers and third parties track the minute-by-minute movements of mobile phone users.

Private companies collected that data for targeted marketing. In ToTok’s case — according to current and former officials and digital crumbs the developers left behind — much of the information is funneled to intelligence analysts working on behalf the Emirati state.

In recent months, semiofficial state publications began promoting ToTok as the free app long sought by Emiratis. This month, users of a messaging service in the Emirates requiring paid subscriptions, Botim, received an alert telling users to switch to ToTok — which it called a “free, fast and secure” messaging app. Accompanying the message was a link to install it.

The marketing seems to have paid off.

In reviews, Emiratis expressed gratitude to ToTok’s developers for finally bringing them a free messaging app. “Blessings! Your app is the best App so far that has enable me and my family to stay connected!!!” one wrote. “Kudos,” another wrote. “Finally, an app that works in the UAE!”

ToTok’s popularity extended beyond the Emirates. According to recent Google Play rankings, it was among the top 50 free apps in Saudi Arabia, Britain, India, Sweden and other countries. Some analysts said it was particularly popular in the Middle East because — at least on the surface — it was unaffiliated with a large, powerful nation.

Though the app is a tool for the Emirati government, the exact relationship between the firms behind it is murky. Pax employees are made up of European, Asian and Emirati data scientists, and the company is run by Andrew Jackson, an Irish data scientist who previously worked at Palantir, a Silicon Valley firm that works with the Pentagon and U.S. spy agencies.

Its affiliate company, DarkMatter, is in effect an arm of the Emirati government. Its operations have included hacking government ministries in Iran, Qatar and Turkey; executives of FIFA, the world soccer organization; journalists and dissidents.

Last month, the Emirati government announced that DarkMatter would combine with two dozen other companies to create a defense conglomerate focused on repelling cyberattacks.

The FBI is investigating American employees of DarkMatter for possible cybercrimes, according to people familiar with the investigation. The inquiry intensified after former NSA hackers working for the company grew concerned about its activities and contacted the bureau. Reuters first reported the program they worked on, Project Raven.

At Pax, data scientists openly brag about their work on LinkedIn. One who listed his title as “data science team lead” said he had created a “message intelligence platform” that reads billions of messages to answer four questions: “who you are, what you do, how do you think, and what is your relationship with others.”

“With the answers to these four questions, we know everything about one person,” wrote the data scientist, Jingyan Wang.

Other Pax employees describe their experience creating tools that can search government data sets for faces from billions of video feeds and pinpoint Arabic dialects from transcribed video messages.

None mention an affiliation with ToTok.

Mark Mazzetti, Nicole Perlroth and Ronen Bergman c.2019 The New York Times Company

Get the best of News18 delivered to your inbox – subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what’s happening in the world around you – in real time.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

It's official: We're not getting a OnePlus 8T Pro – Android Authority

Published

 on


OnePlus 8 Pro 16OnePlus 8 Pro 16

  • OnePlus has confirmed that there won’t be a OnePlus 8T Pro.
  • The company is directing users to the OnePlus 8 Pro instead.

OnePlus has offered a Pro variant of the OnePlus 7, OnePlus 7T, and OnePlus 8 series, but a major leak earlier this month pointed to the company skipping out on a OnePlus 8T Pro.

Now, OnePlus founder and CEO Liu Zuohu (aka Pete Lau) has confirmed on Weibo that the OnePlus 8T Pro won’t accompany the OnePlus 8T. Check out the post below.

OnePlus 8T Pro Pete Lau WeiboOnePlus 8T Pro Pete Lau Weibo

Lau directs users wanting a “Pro-level” phone to get the OnePlus 8 Pro instead. The machine-translated text also suggests that OnePlus felt they couldn’t deliver a major upgrade from the OnePlus 8 Pro by offering a OnePlus 8T Pro.

For what it’s worth, last year’s OnePlus 7T Pro wasn’t a major upgrade from the OnePlus 7 Pro at all. However, the OnePlus 7T earned critical acclaim for gaining several major upgrades over the OnePlus 7, such as a high refresh rate screen and a telephoto rear camera. So it seems like the company doesn’t want to repeat the OnePlus 7T Pro situation of launching a Pro model for the sake of it.

Please wait..Please wait.. Loading poll

OnePlus 8T rumors and teases point to a great flagship on paper, but the OnePlus 8 Pro still seems to offer a few extra features over the upcoming phone.

The 8T is expected to offer a 120Hz screen, a 4,500mAh battery, and faster wired charging. However, the 8 Pro adds wireless charging, a telephoto rear camera, a higher resolution ultra-wide camera, and an IP rating. Leaks and official disclosures point to the OnePlus 8T missing the three former features, while water/dust resistance isn’t confirmed yet either.

Which device would you buy if you had to choose one? Let us know in the poll above!

Next: OnePlus Watch — All the rumors and what we want to see

Please enable JavaScript to view the comments powered by Disqus.

.lazyload,.lazyloadingopacity:0;.lazyloadedopacity:1;transition:opacity 300ms;.lazyloaddisplay:none;

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

OnePlus teases debut for mysterious "OnePlus World"

Published

 on

oneplus world teaseroneplus world teaser

  • OnePlus has teased the debut of a “OnePlus World” on October 1.
  • The early hints suggest it’s a virtual space for fans or products.
  • It comes just two weeks before the OnePlus 8T launch.

OnePlus may precede the 8T launch with the debut of something… different. The company has teased (via GizmoChina) the premiere of a OnePlus World on October 1, with hints that it might be a virtual space.

The teaser doesn’t include many details, but the picture suggests OnePlus is launching a virtual reality-like environment with avatars. It could be a community hub or a product showcase — assuming it isn’t something else entirely. We wouldn’t count on requiring a VR headset if it is a digital environment. Adoption of VR technology is still low enough that relatively few fans would have the necessary hardware.

oneplus world virtual teaser squareoneplus world virtual teaser square

OnePlus is no stranger to virtual worlds, at least. It used an augmented reality app to launch the Nord due to the COVID-19 pandemic. An online space would also be helpful at a time when customers aren’t always comfortable visiting OnePlus’ physical locations.

The timing is difficult to ignore, too. OnePlus World is appearing just two weeks before the 8T introduction and might represent a way to discuss or showcase the new phone. Whatever World is for, it’s clear that OnePlus will be quite busy going into the fall — new hardware is just one part of a larger picture.

Next: Everything we know about the OnePlus 8T

Comments

Read comments

Please enable JavaScript to view the comments powered by Disqus.

 

 

 

Source:- Android Authority

Source link

Continue Reading

Tech

COVID Alert app nears 3 million users, but only 514 positive test reports

Published

 on

OTTAWA —
New numbers out of the Public Health Agency of Canada show only a gradual increase of downloads of Canada’s COVID-19 exposure notification app since the start of the month, while the number of Canadians using the tool to report their positive test remains low.

The organization told CTVNews.ca on Tuesday that the app has been downloaded 2.94 million times since July 31, however, only 514 users, all of whom are located in Ontario, have actually notified the app about their positive test results, despite the province having recorded more than 9,000 cases since the app came into effect. This is up from about 2.2 million downloads and 100 test disclosures in the first active month.

The new statistics come as politicians once again ramp up calls for Canadians to download the software amid climbing case counts nationwide.

After weeks of relative quiet about the use of COVID Alert, it got two prominent mentions last Wednesday during the much-anticipated Liberal throne speech and then again during Prime Minister Justin Trudeau’s address to the nation later than evening.

“We’ve got the COVID Alert app. Take the teacher who felt fine, but he gets a positive after the app warned her she’d been exposed. COVID Alert meant she went home instead of the classroom. It’s a powerful, free tool that’s easy to use and protects your privacy. So if you haven’t already, download it off the App Store or Google Play,” said Trudeau.

COVID Alert allows users to disclose a positive coronavirus test and alerts anyone who has come close to that person within 14 days via Bluetooth tracking. Public health officials have stressed that it does not track location and has no way of knowing an individual’s location, address, contacts, or health information.

A spokesperson within the prime minister’s office told CTVNews.ca downloads of the app spiked immediately following his public address. Numbers show there were at least 100,000 downloads by Apple and Android users during the hour following.

Intergovernmental Affairs Minister Dominic LeBlanc, Health Minister Patty Hajdu, and Chief Public Health Officer Dr. Theresa Tam echoed Trudeau’s remarks on Tuesday during a public health update.

“Please download the COVID-19 Alert app and join the three million Canadians that have done so to date,” said Hajdu.

Tam also pointed to another online tool dubbed “COVID Trends” released by the Public Health Agency of Canada, which “provides [users] with a number of confirmed COVID-19 cases in your area within the last 14 days.”

Ontario Premier Doug Ford made an urgent plea for Ontarians to download COVID Alert on Monday when the province reported 700 new cases, the highest daily infections ever recorded.

Ontario was the first province to embrace the software in late July but since then, New Brunswick, Newfoundland and Labrador, and Saskatchewan have all adopted the technology.

Questions still linger though about whether the app is achieving its intended goal of breaking “the cycle of infection.”

EXPERT OPINION

A July report in the Harvard Business Review argues that when adoption is voluntary, “contact-tracing apps present the classic chicken-and-egg — or “cold start” — problem experienced by any platform seeking strong network effects: They have virtually no value until they reach a critical mass of users.”

The solution goes beyond design features and marketing tactics, the authors state, but relies instead on localized uptake followed by national implementation.

“The contact-tracing app should be designed so it is instantly valuable to anyone in the targeted community who downloads it…One way to make the app instantly valuable is for it to provide information on local contagion so users know the risks. Another is to include a symptoms-tracking function so users can enter their symptoms and be told when to seek medical help.”

University of Waterloo Professor Plinio Mortia, who heads up the Ubiquitous Health Technology Lab, echoed the need for user customization.

“It’s one of the principles of persuasion design, that tailoring of the solution to the specific user. We’re trying to make an app that will be downloaded by 35 million people across Canada, but we’re being very generic to target everybody, which is not always the best solution,” he said, adding that there’s a key talking point missing from public health directives about the app: motivation.

“They need to tell the public why they should be doing this, why it’s important, why [Canadians] need to download it beyond the fact that it’s safe,” he said. “They still haven’t told people what the real impact having the app on your phone and reporting a COVID-19 diagnosis will have on the population.”

Blayne Haggart, associate professor at the department of political science at Brock University, who’s written extensively about technology use in public policy settings, argues the federal government’s messaging has been misguided.

“For a health policy intervention, you would think you would start with saying ‘this is going to have a great effect on you know, boosting the economy, or stopping a pandemic in this way’ but instead everyone was talking about it in terms of its privacy,” he said.

“That’s not a healthy way to design any kind of government policy.”

Haggart says while privacy is important, effectiveness is equally as vital.

At the time of publication, government officials had not yet responded to a CTVNews.ca inquiry about whether they had identified a threshold to measure success or failure of adoption and the impact of those results on public health.

“This is a general issue with technology and tech design when it’s put into the public policy sphere. It’s not considered in its full context,” said Haggart.

Manitoba and Quebec have also indicated they too will introduce COVID Alert into their regions. LeBlanc said the government is committed to working with and supporting provinces in their contact-tracing capabilities.

“Our government is actively working with other provinces and territories and [the app] will be rolled out to more Canadians very shortly, and I encourage everyone to download it,” he said.

Source:- CTV News

Source link

Continue Reading

Trending