This is the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

It’s Kevin Pham, intern on the Digital Security Training team, taking over the newsletter this week.

In the news

Apple has filed a motion to withdraw a lawsuit against NSO Group, an Israeli spyware company, claiming that a protracted case would reveal sensitive security information it uses to combat targeted spyware attacks. Although the lawsuit weakened the NSO Group, other targeted spyware companies may take advantage of this security information.

The court filing states, “The result is that even complete victory in this suit will no longer have the same impact as it would have in 2021; instead of eliminating with one judgment a significant portion of the threat environment, other spyware companies unaffiliated with Defendants would be unaffected by the suit and able to continue their destructive tactics.”

Such new threat actors could target the released information on Apple’s security practices even if kept confidential by the court. Apple cites an incident in which Israel interfered in a WhatsApp lawsuit against the NSO Group, claiming that the firm gained access to “controlled materials” by hacking Israel’s Ministry of Justice. Read more here.

What you can do

Despite intense media coverage, the NSO Group is just one part of an expanding targeted spyware industry. As more companies join this space, here are some actionable steps you can take to protect your devices against them:

• If you are concerned about being targeted by spyware and have an iPhone, you can enable Apple’s Lockdown Mode for more restrictive security settings. According to a report from Access Now, researchers “observed that activating Lockdown Mode for the iPhone appears to have blocked some attempts to compromise Apple devices with Pegasus.”
• Although not perfect, iVerify for iOS can help scan for less sophisticated malware.
• Android users may need additional work. The Mobile Verification Toolkit requires some technical knowledge to set up. If you are not comfortable trying out this approach on your own, Amnesty International’s Security Lab and Access Now’s digital security helpline can assist those involved in civil society work.
• Advanced attacks rely on vulnerabilities that have not yet been reported or patched in security updates. By downloading and installing the latest security updates, you can protect your device against most kinds of spyware. My colleague David Huerta wrote an excellent blog on why software updates are so important.

Updates from our team

• As my internship ends, this will be the last newsletter written by me. If you ever want to stay connected, please feel free to reach out to me here.
• We’re co-hosting “Source!” the London Logan Symposium, with The Centre for Investigative Journalism on Nov. 14-15 in London, England. Hear from journalists from all over the world about press freedom issues and the challenges they face in protecting themselves and their sources. Register to attend here.
• From Sept. 18-21, some of our digital security training teammates will be in attendance at the Online News Association's annual conference in Atlanta. Will you be there? Come say hi.
• Freedom of the Press Foundation (FPF) staff will be in attendance at the 2024 Team CommUNITY Global Gathering in Estoril, Portugal. From Sept. 27-29, reach out if you’d like to say hi, or if you want some digital security digest stickers.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Kevin

–

Kevin Pham
Digital Security Training Intern

Freedom of the Press Foundation