from PorcupineSlippers@lemmy.ml to privacy@lemmy.ml on 03 Sep 20:47
https://lemmy.ml/post/35636343
ICE acquires Israeli spyware capable of hacking phones and encrypted apps
ICE has reactivated a $2M contract for Israeli spyware Graphite, sparking fears of civil liberties after previous cases of misuse
Under Trump, ICE has seen its operations and powers vastly expanded [Getty] US Immigration and Customs Enforcement (ICE) are moving ahead with a multimillion-dollar contract for powerful Israeli-made spyware capable of hacking phones and encrypted messaging apps, drawing criticism from civil liberties groups and surveillance experts.
The $2 million deal with Paragon Solutions, the Israeli firm behind the Graphite spyware suite, was initially signed under the Biden administration in late 2024 but paused amid compliance reviews over privacy and security concerns.
According to The Guardian, the Trump administration has now lifted the pause, restoring ICE’s access to the tool and sparking a fresh debate over government surveillance powers.
Paragon’s Graphite software allows agencies to remotely penetrate smartphones, access encrypted applications such as WhatsApp and Signal, extract data, and even covertly activate microphones to turn devices into listening tools.
Critics warn the technology gives unprecedented surveillance capabilities to US immigration authorities at a time of heightened political and public scrutiny over civil liberty abuses by ICE.
The Washington Post reported that the pause was lifted following changes in Paragon’s ownership structure and the completion of federal regulatory reviews. The decision comes despite mounting evidence from rights groups and cybersecurity researchers about the risks of misuse, including against journalists and activists.
Earlier this year, researchers at the Citizen Lab, a cybersecurity watchdog based at the University of Toronto, discovered Graphite had been used to target the devices of journalists in Italy, including reporters from Fanpage.it, prompting a European investigation.
Italian officials denied any wrongdoing, but the revelations highlighted the growing global market for so-called “mercenary spyware” and the lack of transparency surrounding its deployment.
Related As ICE raids rise across US, attorney warns people to prepare
US affairs Brooke Anderson In Washington, civil liberties advocates have expressed alarm over the implications of ICE regaining access to such invasive technology. Nadine Farid Johnson, policy director at the Knight First Amendment Institute at Columbia University, urged lawmakers to act.
“Reports that ICE has renewed its contract with spyware vendor Paragon compounds the civil liberties concerns,” Johnson said in a statement last week.
“Spyware like Paragon’s Graphite poses a profound threat to free speech and privacy. Congress must step in to impose clear limits and safeguards before these tools are used in ways that undermine constitutional rights.”
The Guardian reported that ICE officials have defended the contract, insisting the spyware is used strictly for law enforcement purposes, such as targeting transnational criminal networks and human trafficking operations.
However, critics point to the lack of independent oversight mechanisms and the absence of public information about how frequently or against whom the software is deployed.
The Washington Post added that the reactivation of the Paragon deal may signal a more permissive stance by the Trump administration toward domestic surveillance technologies.
Past controversies over the use of spyware such as Pegasus, developed by the Israeli firm NSO Group, have already prompted calls for stricter regulation. The Biden administration previously blacklisted NSO after its tools were linked to the hacking of US diplomats’ phones.
Under Trump, ICE has seen dramatically expanded powers and funding, fuelling concerns about its growing politicisation.
Critics point to sweeping arrests, including of non-criminal migrants, and the use of tactics once considered off-limits, such as unmarked vehicles and plainclothes agents. Civil liberties groups warn that without oversight, the agency risks becoming a tool of political intimidation rather than law enforcement, especially with access to powerful surveillance technologies.
threaded - newest
Fight Graphite with Graphene!
And more importantly, good OPSEC.
On top of that, a local-first approach.
Does that work, though? It’s just a modified AOSP, so it might have the same issues as vanilla android.
It is the only one that was giving celebrite hard time last year.
But we don't really know.
But we deff know that others stand no chance.
Most of the modifications to aosp in graphene are security improvements, so it’s at least somewhat better than any other android
The problem is WhatsApp
With my tax money… and only a negative impact on the average americans life…
Everyone’s*.
When Trump does something, the rest of the world experiences the antisocial oligarch pedo’s ruffles.
Since you (like me) are pedantic about apostrophes, I’ll be pedantic about “pedo.” There’s no evidence Trump is a pedopile–that is, primarily attracted to children who have not yet reached puberty.
Plenty of evidence strongly suggesting he’s a child molester, though.
I don’t really get how that’s helpful for ICE. They don’t investigate crime really. Shouldn’t they know a person’s immigration status based on their public records? What do they need private communications for to prove a person is in the country illegally?
This is a rhetorical question. I know why they want it, just it doesn’t make sense for them to spend our money on for the things they’re supposed to be tasked with doing.
They are the US fascist gustapo. Their funding just exploded, and so will their mission
So how does Graphite work?
Hold up, accessing Signal?
Well I’m assuming if it can bypass the lock screen somehow it can pull encryption keys, or just let the user gain full access to the phone and open the signal app directly.
That’s fucking scary. Trump, Thiel, and every single fascist ally of him needs to get a treatment of eternal sleep.
If they breach the endpoint, it doesn’t matter if it’s e2ee.
Just avoid putting a sim card in your phone, and it eliminates almost all of these vectors.
So, what you’re saying, is that one would have to use an e-sim rather than physical sim? To avoid a zero-day exploit? I find that hard to believe.
Jesus no. I’m saying almost all of the exploits found by citizen lab are delivered by cell tower.
Don’t connect to cell towers.
I find it hard to believe that they can decrypt Signal messages in-transit at the cell tower
They can’t. They have zero days that push vulnerabilities down to you from the tower.
Isn’t ICE itself functionally a human traffic organization already?
Grapheneos is over kill for the normies 🤡
Lockdown mode on iphone is fine as well
Don’t put a Sim card in your phone, folks.
Never take your phone out of airplane mode. Use WiFi.
What’s wrong with sim cards?
Broadband processors on your device are extremely vulnerable black boxes. Almost all of the attacks that Citizen Lab discovered come from this vector.
By not using a Sim card, you significantly decrease the surface area for attack, making yourself invulnerable to the majority of these zero days
And also, the safest device is the one that’s not connected to the Internet.
So it’s not that esims are much safer, you’re talking about cellular as a whole?
I’m not 100% sure, but I think the vulnerability is in the broadband processor.
correct.. i am sure there is some difference between sim and esim but the real issue is connecting to cell network. it is designed to spy on you.
Is it just me or is getting all that for $2 million a pretty great deal? Still not cool, but I’d have thought the ability to totally eliminate privacy would have been more expensive
It’s not clear how the spyware gets onto the phone, though. Typically the user needs to download something that happens to have spyware in it. Unless the USA government includes this spyware in heretofore legitimate government apps so that a significant number of people install the spyware unintentionally, I don’t see how this spyware is of practical value. Including it in government apps might be their plan, though, even though there is a high chance that the malicious app(s) would be banned. But the USA government could threaten Apple or Google into letting the app remain available for download. Dark times.
The US govt could just require it to be pre-installed on all devices
Those meatheads will use it as another tool to abuse their wives and extract nudes from the classmates of their 15yo daughters
That's just the pork of the job...
They are the boot of the regime first and foremost.
So like, genuine question to all of those saying no sim cards/e-sims and only use wifi with airplane mode on, how do you communicate with people on the go? Do you just wait until you’re at a building with free Wi-Fi?
Not serious proposal at this point but you can at least turn off the cell nework when home etc.
it is about harm reduction just like drug use.
that's a good way to get a lawsuit and inadmissible evidence.
Didn’t Paragon work in the Linux kernel on NTFS drivers?