It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

Look, we write about happy news sometimes, too!

After a five-year legal fight, infamous spyware developer NSO Group has been ordered to pay WhatsApp nearly $168 million in damages over targeting approximately 1,400 users with Pegasus spyware, including journalists. Court records show that NSO Group used zero-click exploits — attacks that require no user interaction — with a “WhatsApp Installation Server” that delivered malicious messages to targets. These messages would trigger the targeted device to connect to an additional server to download Pegasus. Read more.

What you can do

  • Update your device: While we’re all concerned about Pegasus, the vast majority of spyware attacks aren't going to be so sophisticated, and you can protect your device with a small bit of effort. Simply download and install the latest security updates. Read my colleague David Huerta’s excellent blog on why software updates are so important.
  • Apple users, try Lockdown Mode: If you have an iPhone and feel you are at elevated risk of targeted spyware, check out Apple’s Lockdown Mode for more restrictive security settings. Access Now says, “Lockdown Mode for the iPhone appears to have blocked some attempts to compromise Apple devices with Pegasus.” In my experience this is fairly easy to use, but it may break graphics and functionality on some websites. On balance, I really do think this is worthwhile for journalists at risk.
  • Regularly scan for malware: For some partial coverage, iVerify for iOS or Android can help scan for indicators of malware, including even some more sophisticated strains.
  • Look for the helpers: Amnesty International’s Security Lab and Access Now’s Digital Security Helpline can assist those involved in civil society work.

Updates from our team

We’re interested in learning more about journalists’ use of AI tools in your work. Our hope is to research the security and privacy properties of the most popular tools, how to use them as safely as possible, and to identify potential settings and alternatives that may address your concerns. We put together a short questionnaire on this and would appreciate your help! Please add your thoughts here: https://forms.gle/8xcMh1d2HnVbkE6SA

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation