NSO used data of real people to pitch contact-tracing tech: Report


San Francisco, Dec 31 (IANS): In a case that may involve potential privacy violations of thousands of people, researchers have found that Israeli spyware maker NSO Group resorted to using phone location data of real people while showcasing its Covid-19 contact-tracing software to governments and journalists, TechCrunch reported.

The NSO Group launched its contact-tracing technology named "Fleming" in March 2020 amid rising Covid-19 cases around the world.

Two months later, a database belonging to the Fleming programme was found unprotected online.

The database contained more than five lakh datapoints for more than 30,000 distinct mobile phones.

The NSO Group quickly secured the database when TechCrunch reported, but the Israeli company denied there was a security breach.

Forensic Architecture, an academic unit at Goldsmiths, University of London, received and analysed a sample of the exposed database, which suggested that the data was based on "real" personal data belonging to unsuspecting civilians, putting their private information at risk.

"The sample of the exposed database we received has over 149,000 data points... We investigated the nature of the data: whether it was based on "real" personal data belonging to many unsuspecting civilians and, if so, whether it was properly obfuscated in a way protecting private identities, or if it was "dummy" data," the researchers said on Wednesday.

"The spatial 'irregularities' in our sample -- a common signature of real mobile location tracks -- further support our assessment that this is real data. Therefore, the dataset is most likely not 'dummy' nor computer generated data, but rather reflects the movement of actual individuals, possibly acquired from telecommunications carriers or a third-party source."

The exposed data included location information from Rwanda, Israel, Saudi Arabia, the United Arab Emirates, and Bahrain, the researchers said.

NSO's Covid-19 contact-tracing software is designed to make it easier for governments to visualise and track the spread of the virus by feeding location data from cell phone companies. It aggressively pitched the system earlier this year.

NSO is better known for 'Pegasus' -- a malware sold to governments to enable the remote infection and surveillance of private smartphones.

 

  

Top Stories


Leave a Comment

Title: NSO used data of real people to pitch contact-tracing tech: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.