Schneier on Security: Report on Paragon Spyware

Source URL: https://www.schneier.com/blog/archives/2025/03/report-on-paragon-spyware.html

Feedly Summary: Citizen Lab has a new report on Paragon’s spyware:
Key Findings:

– Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious for.
– Infrastructure Analysis of Paragon Spyware. Based on a tip from a collaborator, we mapped out server infrastructure that we attribute to Paragon’s Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore.


Summary: The report from Citizen Lab sheds light on Paragon Solutions, a spyware vendor that claims to have better safeguards against misuse than other companies like NSO Group. The findings reveal a complex infrastructure related to Paragon’s spyware, Graphite, highlight serious implications for the privacy and security of individuals targeted by this spyware, and point to potential associations between Paragon and law enforcement in Canada.

Detailed Description: The Citizen Lab report on Paragon Solutions provides essential insight into the evolving landscape of spyware technology and its implications for both personal privacy and regulatory compliance. Here are the key findings:

– **Introduction to Paragon Solutions**: Founded in Israel in 2019, Paragon Solutions markets its spyware product, Graphite, as having safeguards to prevent abuse, setting itself apart from competitors like NSO Group that are known for controversial practices.

– **Infrastructure Analysis**:
  – Mapping revealed the server infrastructure linked to Graphite, suggesting deployments not only in Israel but also in countries such as Australia, Canada, Cyprus, Denmark, and Singapore.

– **Connection to Canadian Law Enforcement**:
  – The investigation uncovered potential associations between Paragon Solutions and the Ontario Provincial Police, indicating a growing trend in law enforcement adopting invasive spyware technologies.

– **WhatsApp Zero-Click Exploit Mitigation**:
  – Citizen Lab provided crucial intelligence to Meta, facilitating the identification and mitigation of a zero-click exploit related to Paragon’s spyware, protecting over 90 potential targets, including civil society members in Italy.

– **Forensic Analysis of Spyware Targets**:
  – Detailed forensic studies on Android devices belonging to individuals targeted by Paragon revealed the presence of spyware within applications, including WhatsApp. This raises significant concern about the vulnerability of personal data on such devices.

– **Related iPhone Spyware Case**:
  – An analysis of an iPhone belonging to an individual connected to confirmed targets showed attempts at infection with novel spyware, which Apple later patched after being informed by Citizen Lab.

– **Association with Broader Surveillance Techniques**:
  – The report notes warnings sent by Meta about potential surveillance threats facing individuals in the same organizational cluster as Paragon victims, suggesting wider exposure to surveillance technologies.

This report is particularly significant for security professionals as it underscores critical issues regarding the use of spyware, the accountability of law enforcement agencies in procuring such technologies, and the implications for privacy and compliance regulations. The findings stress the need for robust investigation and regulation around spyware use, especially within governmental organizations. There are vital lessons regarding proactive monitoring and the necessity for technology companies to collaborate to enhance both user security and organizational resilience against spyware threats.