Two U.S. government agencies warned smartphone users earlier this month to watch out for commercial surveillance software that could be used to pluck all data and information from the devices.
In the advisory, the agencies warned that companies and individuals have been selling this commercial software, which can grab identity, audio, video, and location from a user’s smartphone, around the world.
In August, the Washington Examiner reported that some governments were using the cybertools to spy on journalists, dissidents, and politicians.
"The challenge is where some governments will use this outside of the accepted norms to repress dissent, affect freedom of the press, or for their own private uses," Bryson Bort, CEO of SCYTHE, a cybersecurity vendor, told the publication in August.
In some cases, the user doesn’t even need to engage with the software, like clicking on a link, for the malware to be installed, leaving the device vulnerable to the information harvest by nefarious actors.
In the alert, the agencies advise using good “cyber hygiene” to mitigate the risks.
Regularly updating a device’s operating system, restarting the device regularly, encrypting passwords, and using trusted VPNs are effective at managing the risks, the agencies said.
In addition, common sense online management, like not clicking strange links or checking a website’s URL before going to the site, disabling geo-tracking features, and keeping the device within your physical control also help reduce the risks, the agencies said in the alert.
Nasser Fattah, North America Steering Committee chairman at Shared Assessments, an organization focused on reducing cyber risk, told the Examiner on Tuesday that users should also make sure the camera lenses on the device are covered but acknowledged that may be difficult due to the design of many devices.
“As we know, most if not all smartphone cases are designed to expose the camera, not cover it,” he said.
Experts told the Examiner that unless people are in a group like the intelligence community, or those responsible for corporate secrets, or other high-profile professions, it is unlikely the general public would be targeted.
“The first question people should ask themselves is, Do I really merit the expense of surveillance?” Allan Buxton, director of forensics at cybersecurity vendor SecureData said in the article. “If you're active on social media, broadcasting your location and activities, or sharing work details on a public page, anyone wanting to surveil your activities may already have plenty.”
© 2022 Newsmax. All rights reserved.