Connect with us

Tech

It Seemed Like a Popular App. But It’s Secretly an Emirati Spy Tool – News18

Published

 on


Washington: It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.

But the service, ToTok, is actually a spying tool, according to US officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the US last week, according to app rankings and App Annie, a research firm.

ToTok amounts to the latest escalation in a digital arms race among wealthy authoritarian governments, interviews with current and former US foreign officials and a forensic investigation showed. The governments are pursuing more effective and convenient methods to spy on foreign adversaries, criminal and terrorist networks, journalists and critics — efforts that have ensnared people all over the world in their surveillance nets.

Persian Gulf nations like Saudi Arabia, the Emirates and Qatar previously turned to private firms — including Israeli and U.S. contractors — to hack rivals and, increasingly, their own citizens. The development of ToTok, experts said, showed that the governments can cut out the intermediary to spy directly on their targets, who voluntarily, if unwittingly, hand over their information.

A technical analysis and interviews with computer security experts showed that the firm behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm where Emirati intelligence officials, former National Security Agency employees and former Israeli military intelligence operatives work. DarkMatter is under FBI investigation, according to former employees and law enforcement officials, for possible cybercrimes. The U.S. intelligence assessment and the technical analysis also linked ToTok to Pax AI, an Abu Dhabi-based data mining firm that appears to be tied to DarkMatter.

Pax AI’s headquarters operate from the same Abu Dhabi building as the Emirates’ signals intelligence agency, which until recently was where DarkMatter was based.

The UAE is one of America’s closest allies in the Middle East, seen by the Trump administration as a bulwark against Iran and a close counterterrorism partner. Its ruling family promotes the country as an example of a modern, moderate Arab nation, but it has also been at the forefront of using surveillance technology to crack down on internal dissent — including hacking Western journalists, emptying the banking accounts of critics, and holding human rights activists in prolonged solitary confinement over Facebook posts.

The government blocks specific functions of apps like WhatsApp and Skype, a reality that has made ToTok particularly appealing in the country. Huawei, the Chinese telecom giant, recently promoted ToTok in advertisements.

Spokesmen for the CIA and the Emirati government declined to comment. Calls to a phone number for Breej Holding rang unanswered, and Pax employees did not respond to emails and messages. An FBI spokeswoman said that “while the FBI does not comment on specific apps, we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose.”

When The Times initially contacted Apple and Google representatives with questions about ToTok’s connection to the Emirati government, they said they would investigate. On Thursday, Google removed the app from its Play store after determining ToTok violated unspecified policies. Apple removed ToTok from its App Store on Friday and was still researching the app, a spokesman said. ToTok users who already downloaded the app will still be able to use it until they remove it from their phones.

It was unclear when U.S. intelligence services first determined that ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that U.S. officials have warned some allies about its dangers. It is not clear whether U.S. officials have confronted their counterparts in the Emirati government about the app. One digital security expert in the Middle East, speaking on the condition of anonymity to discuss powerful hacking tools, said that senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.

ToTok appears to have been relatively easy to develop, according to a forensic analysis performed for The Times by Patrick Wardle, a former NSA hacker who works as a private security researcher. It appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences.

ToTok is a cleverly designed tool for mass surveillance, according to the technical analysis and interviews, in that it functions much like the myriad other Apple and Android apps that track users’ location and contacts.

On the surface, ToTok tracks users’ location by offering an accurate weather forecast. It hunts for new contacts any time a user opens the app, under the pretense that it is helping connect with their friends, much like how Instagram flags Facebook friends. It has access to users’ microphones, cameras, calendar and other phone data. Even its name is an apparent play on the popular Chinese app TikTok.

Though billed as “fast and secure,” ToTok makes no claim of end-to-end encryption, like WhatsApp, Signal or Skype. The only hint that the app discloses user data is buried in the privacy policy: “We may share your personal data with group companies.”

So instead of paying hackers to gain access to a target’s phone — the going rate is up to $2.5 million for a hacking tool that can remotely access Android phones, according to recent price lists — ToTok gave the Emirati government a way to persuade millions of users to hand over their most personal information for free.

“There is a beauty in this approach,” said Wardle, now a security researcher at Jamf, a software company. “You don’t need to hack people to spy on them if you can get people to willingly download this app to their phone. By uploading contacts, video chats, location, what more intelligence do you need?”

In an intelligence-gathering operation, Wardle said, ToTok would be Phase 1. Much like the NSA’s bulk metadata collection program — which was quietly shut down this year — ToTok allows intelligence analysts to analyze users’ calls and contacts in search of patterns, though its collection is far more invasive. It is unclear whether ToTok allows the Emiratis to record video or audio calls of its users.

Each day, billions of people freely forgo privacy for the convenience of using apps on their phones. The Privacy Project by the Times’ Opinion section published an investigation last week revealing how app makers and third parties track the minute-by-minute movements of mobile phone users.

Private companies collected that data for targeted marketing. In ToTok’s case — according to current and former officials and digital crumbs the developers left behind — much of the information is funneled to intelligence analysts working on behalf the Emirati state.

In recent months, semiofficial state publications began promoting ToTok as the free app long sought by Emiratis. This month, users of a messaging service in the Emirates requiring paid subscriptions, Botim, received an alert telling users to switch to ToTok — which it called a “free, fast and secure” messaging app. Accompanying the message was a link to install it.

The marketing seems to have paid off.

In reviews, Emiratis expressed gratitude to ToTok’s developers for finally bringing them a free messaging app. “Blessings! Your app is the best App so far that has enable me and my family to stay connected!!!” one wrote. “Kudos,” another wrote. “Finally, an app that works in the UAE!”

ToTok’s popularity extended beyond the Emirates. According to recent Google Play rankings, it was among the top 50 free apps in Saudi Arabia, Britain, India, Sweden and other countries. Some analysts said it was particularly popular in the Middle East because — at least on the surface — it was unaffiliated with a large, powerful nation.

Though the app is a tool for the Emirati government, the exact relationship between the firms behind it is murky. Pax employees are made up of European, Asian and Emirati data scientists, and the company is run by Andrew Jackson, an Irish data scientist who previously worked at Palantir, a Silicon Valley firm that works with the Pentagon and U.S. spy agencies.

Its affiliate company, DarkMatter, is in effect an arm of the Emirati government. Its operations have included hacking government ministries in Iran, Qatar and Turkey; executives of FIFA, the world soccer organization; journalists and dissidents.

Last month, the Emirati government announced that DarkMatter would combine with two dozen other companies to create a defense conglomerate focused on repelling cyberattacks.

The FBI is investigating American employees of DarkMatter for possible cybercrimes, according to people familiar with the investigation. The inquiry intensified after former NSA hackers working for the company grew concerned about its activities and contacted the bureau. Reuters first reported the program they worked on, Project Raven.

At Pax, data scientists openly brag about their work on LinkedIn. One who listed his title as “data science team lead” said he had created a “message intelligence platform” that reads billions of messages to answer four questions: “who you are, what you do, how do you think, and what is your relationship with others.”

“With the answers to these four questions, we know everything about one person,” wrote the data scientist, Jingyan Wang.

Other Pax employees describe their experience creating tools that can search government data sets for faces from billions of video feeds and pinpoint Arabic dialects from transcribed video messages.

None mention an affiliation with ToTok.

Mark Mazzetti, Nicole Perlroth and Ronen Bergman c.2019 The New York Times Company

Get the best of News18 delivered to your inbox – subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what’s happening in the world around you – in real time.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Everything We Expect at Samsung Unpacked, From Galaxy Z Fold 4 to Galaxy Watch 5 – CNET

Published

 on



Samsung’s next Galaxy Unpacked event is scheduled for Wednesday, Aug. 10. We expect to see several new versions of the company’s flagship foldable phones and smartwatches to be revealed — but there’s always a chance for surprise launches of new devices.

The event invitation seen above, showing a Z Flip foldable phone, suggests we’ll see new versions of Samsung’s foldables. That fits with a previous leak from tipster Evan Blass predicting new versions of the Samsung Galaxy Z Fold 3 and the clamshell Samsung Galaxy Z Flip 3, which came out in August 2021. 


Now playing:
Watch this:

Everything We Expect Samsung to Announce

5:21

Don’t expect too many big advances with Samsung’s next foldables. Rumors suggest the tablet-size Samsung Galaxy Fold 4 may have a new hinge and slimmer build, but the leaker jury is out on whether it will include an S Pen slot like the Samsung Galaxy S22 Ultra. Other rumors predict that the foldable will pack the faster Snapdragon 8 Gen 1 Plus chipset, as well as a larger outer display that requires its own under-display camera to complement the one on the inner screen.  

The makeup compact-looking Samsung Galaxy Z Flip 4 could get a larger cover display, according to other rumors, which could make it far more useful for reading notifications and previewing selfie photos. 

Even if the new foldables have only incremental spec upgrades, the biggest improvement could be price. The Galaxy Fold 3 was cheaper than its predecessor at $1,800 (£1,599, AU$2,499) to start, which is still around twice as expensive as most premium smartphones. The Galaxy Z Flip 3 shockingly came in at $1,000 (£949, AU$1,499), or around the price of an iPhone 13 Pro, making it the most affordable foldable yet and a viable alternative to standard flat smartphones. 

But the upcoming Z Fold 4 and Z Flip 4 could be even cheaper, predicts analyst Ross Young, CEO of Display Supply Chain Consultants, who tweeted that Samsung ramped up production to churn out twice as many of the new foldables as last year’s models, suggesting a possible price cut. 

Read more: Here’s One Feature Samsung Could Use to One-Up Apple

In any case, we expect the new foldables to sell well, since the Z Fold 3 and Z Flip 3 sold more units in their launch month than were sold in all of 2020. With 88% of the more than 7 million foldables sold in 2021, Samsung is in a strong position to continue dominating the niche foldable market, which is expected to grow to over 27 million sold in 2025.

Samsung could launch other products to accompany the foldables, and the most likely is the Samsung Galaxy Watch 5. Rumors predict the next version of the premium smartwatch line could get a body temperature sensor and better battery life, as well as an updated design. Hopefully, it will also fix a glaring flaw in the Galaxy Watch 4 — no support for iPhones — as well as better integration of Wear OS 3, as we felt last year’s watch pulled between Google and Samsung’s ecosystems

There are other things Samsung could show off, like successors to the Galaxy Buds 2 earbud, tablets or laptops, but we haven’t heard many rumors suggesting any of those are likely to arrive. Still, we could easily be surprised with all eyes on the awaited foldables.

To encourage customers to reserve their phones early, from July 19 until August 10, Samsung is offering an extensive list of discounts based on different bundles, from a maximum of $200 off for those reserving a Galaxy phone, watch, and buds down to a minimum of $30 off for just reserving Galaxy buds. While this could be a hint at what’s coming at Unpacked, the savings could apply to older Galaxy Watch or Galaxy Buds models.

The event is scheduled to begin at 9 a.m. ET / 6 a.m. PT. CNET will be watching and covering the reveals.

Adblock test (Why?)



Source link

Continue Reading

Tech

Samsung’s Galaxy Unpacked event: start time and how to watch – The Verge

Published

 on


Samsung Galaxy Unpacked is set to begin on Wednesday, August 10th.

Leading up to the event, Samsung has left us with breadcrumbs about what they’re going to announce at their Galaxy Unpacked event. Leaks and other clues have revealed that Samsung may be announcing an updated foldable to match last year’s announcement and release.

We also have a guess that there might be some new Galaxy Watches to announce as Samsung released a reservation for a trade-in for the Galaxy smartphone, smartwatch, and earbuds.

When does the Samsung Galaxy Unpacked event take place?

The Samsung Galaxy event is set to take place on Wednesday, August 10th, 2022, at 6AM PT / 9AM ET.

Where can I watch the Samsung Galaxy Unpacked event?

We will have the livestream video embedded up top, so you can stick around here to watch when it begins. Otherwise, you can tune in to the Galaxy Unpacked livestream at Samsung.com, Samsung’s Newsroom, and Samsung’s YouTube channel.

We here at The Verge will also be covering the event. Be sure to follow @verge on Twitter and @verge on Instagram for live updates and other Samsung news.

Adblock test (Why?)



Source link

Continue Reading

Tech

Samsung Galaxy Unpacked: How to watch Samsung announce its latest foldable phones – ZDNet

Published

 on


Image: Samsung

On Wednesday, Samsung is expected to announce new foldable phones, wireless earbuds, and a new Galaxy Watch. If all of the leaks and rumors are true, that means we’ll see the Galaxy Z Fold 4, Z Flip 4, Buds 2 Pro and the Galaxy Watch 5 (and maybe even a Pro model). 

Who knows, Samsung could have other products lined up for announcement. We simply won’t know what all it entails until the livestream ends. 

When is Samsung Galaxy Unpacked?

The event kicks off early Wednesday, Aug. 10, with the livestream starting at 9 a.m. ET/6 a.m. PT. There isn’t an in-person element to the event as companies continue to stick to a virtual-only approach for product announcements. 

Here are the different international times for your reference:

  • New York: 9 a.m. ET
  • San Francisco: 6 a.m. PT
  • London: 2 p.m. GMT
  • Berlin: 3 p.m. CET
  • Mumbai: 9:30 p.m. IT
  • Tokyo: 11 a.m. JT Jan. 15
  • Sydney: 1 a.m. AEDT Jan. 15

How to what Samsung Galaxy Unpacked

If you want to tune in and watch the announcements as they’re made, then you’re in luck. Samsung is broadcasting the livestream across several different platforms. Here’s everywhere you can watch the official stream:

What to expect from Samsung Galaxy Unpacked

Samsung itself has dropped some major hints about what to expect from the announcement. Certainly, there are new foldable phones — likely the Z Fold 4 and Z Flip 4 — on tap to be announced. 

In addition to the new phones, Samsung’s Galaxy Watch5 appears set to get an upgrade, with a new Watch5 Pro model, which early leaks indicate will be more rugged and more of a competitor to Garmin’s line of smartwatches. 

Finally, Samsung’s Galaxy Buds Pro appear primed for an upgrade with the Buds 2 Pro adding new active noise cancellation features and a refreshed design to the company’s completely wireless earbuds. 

We’ll have full event coverage as Samsung’s latest Galaxy Unpacked event kicks off bright and early on Wednesday, Aug. 10. 

What’s something you’re hoping to see Samsung announce during the event? Let us know in the comments below.

Adblock test (Why?)



Source link

Continue Reading

Trending