Google says spyware vendors behind most zero-days it discovers


February 6, 2024 at 12:29PM

Commercial spyware vendors were responsible for 80% of the zero-day vulnerabilities uncovered by Google’s Threat Analysis Group in 2023, which were used to spy on devices worldwide. Google monitors 40 vendors to detect exploitation attempts, and 35 of the 72 known in-the-wild zero-day exploits impacting its products over the last decade have been attributed to spyware vendors. Notable vendors include Cy4Gate, RCS Lab, Intellexa, Negg Group, NSO Group, and Variston. These vendors sell expensive licenses to governments and private organizations, whose exploits are used to target journalists, activists, and political figures. Google urges increased collaboration and regulation to counter the spyware industry, while actively countering threats through its own security solutions.

Key takeaways are as follows:

1. Commercial spyware vendors were responsible for 80% of the zero-day vulnerabilities discovered by Google’s Threat Analysis Group in 2023 and used to spy on devices worldwide.

2. Google’s TAG has been monitoring 40 commercial spyware vendors to detect exploitation attempts and protect users of its products.

3. 35 out of 72 known in-the-wild zero-day exploits impacting Google’s products over the last decade have been attributed to spyware vendors.

4. Spyware vendors use zero-day flaws to target journalists, activists, and political figures as directed by their customers, including governments and private organizations.

5. Notable spyware vendors highlighted in Google’s report include Cy4Gate, RCS Lab, Intellexa, Negg Group, NSO Group, and Variston.

6. These vendors sell licenses for millions of dollars, allowing customers to infect Android or iOS devices using undocumented 1-click or zero-click exploits.

7. Some exploit chains use n-days: known flaws for which fixes are available but which remain exploitable because of patching delays.

8. From 2019 to 2023, commercial spyware vendors (CSVs) developed at least 33 exploits for unknown vulnerabilities.

9. A list of 74 zero-days used by 11 CSVs can be found in the appendix of Google’s report, with the majority impacting Google Chrome and Android.

10. Google is proactively countering spyware threats through solutions such as Safe Browsing, Gmail security, the Advanced Protection Program, and Google Play Protect, and advocating for more action to be taken against the spyware industry.
