STEPS TO BE SAFER AFTER A POSSIBLE TARGETING

What Is This?

This page is intended ONLY for users receiving an official outreach concerning possible sophisticated commercial spyware targeting. If you did not get such an outreach, this advice is probably not right for you.

If you are just looking for general advice on how to be safer online we encourage you to begin with the Security Planner by Consumer Reports, which can help you become safer online, as well as identify more advanced online resources for your situation.

What Will I Be Able To Do?

This page suggests steps to increase the safety of your phone and online accounts after you have been notified of a possible security issue involving advanced spyware.

Seek Expert Help

Our suggestions are based on The Citizen Lab’s current knowledge of mobile spyware. However, we cannot guarantee that the following steps will ensure your digital safety.

They should be understood as mere guidance. We encourage you to seek one-on-one help from a qualified digital security expert.

ARE YOU A MEMBER OF CIVIL SOCIETY?

Civil society includes human rights defenders, NGO staff, activists, academics, journalists, and similarly placed persons.

If you received a notification, the Citizen Lab would like to hear from you. We may be able to provide you with next steps to take, or refer you to trusted partners for assistance.

The Citizen Lab is an independent academic research group at the University of Toronto with a mandate to investigate digital threats to qualified civil society.

If you think you may be within our research mandate, you can contact us at [email protected].

Additionally, we highly recommend that civil society members with urgent cybersecurity concerns contact the 24-hour Access Now Digital Security Helpline. Access Now is a trusted peer and able to help organizations and individuals within their mandate with digital security assistance.

Unfortunately, The Citizen Lab does not maintain a list of such experts that provide services to individuals that are not within civil society.

GETTING STARTED

While being targeted with sophisticated commercial spyware does not always mean that your device was successfully infected, we believe there are certain steps you can take right away to make your device and online accounts safer. These steps are important if you have faced targeting with sophisticated spyware.

STEP 1: REPLACE YOUR DEVICE(S)

The Citizen Lab does not know whether an infection with this particular spyware can survive a factory reset on all phones. Therefore, we recommend replacing the device(s) associated with your WhatsApp account if you received this notification.

Replacing the device that was targeted is the only way to be certain that your phone no longer has an active infection.

  • When you get a replacement device, consider storing the previous device, powered off, in a safe place. This way it is available for technical analysis by an expert which may be important, for example, if you are considering legal action against the spyware manufacturer or the operator.
  • NOTE: A factory reset will likely remove the kinds of evidence that technical experts would need to review.

Once you have a replacement device, make sure that all of your apps, including WhatsApp, are up to date.

Android: Click here for instructions on keeping your apps up to date.

iOS: Your apps are updated by default, you can check this or manually update them here.

Apple iOS: We recommend that you enable Lockdown Mode on your Apple device.In our experience this higher-security mode greatly increases the difficulty for hacking your iPhone, and helps stop some categories of sophisticated attack.

CLICK HERE for instructions on enabling Apple’s Lockdown Mode

Android Users: unfortunately, most Android devices do not have a similar feature to Lockdown mode.

Cannot replace your device right now? Getting a new phone is expensive, and that may not be possible for you right now. If you cannot purchase a new phone, you may still benefit from the other steps, but there will be a chance that your device remains infected.

STEP 2: CHANGE YOUR PASSWORDS & ENABLE ADVANCED SECURITY

Once you have obtained a new phone, you should change the passwords for accounts that are attached to your original phone, as well as any other accounts that you use regularly.

Change Your Passwords

Changing passwords can be frustrating and time consuming, but it is essential to ensure that an attacker cannot continue to access your accounts using a stolen password.

You can also use a Password Manager to help you quickly create strong new passwords for your accounts. Make sure to use a different password for each account or service.

Once you have changed your passwords, make sure to enable multi-factor authentication.

Enable Advanced Security On Your Accounts

We recommend that you enable advanced security features on your accounts. Several providers offer these features and we highly recommend them for individuals in similar situations.

STEP 3: ENHANCE YOUR ONLINE SAFETY

Being targeted means that someone invested time and resources in an effort to access your personal device. So, you may be at risk from other forms of digital targeting including spyware in the future.

The Security Planner is a good basic place to start improving your digital safety. This online tool asks you a few questions about the devices and services that you use and provides basic digital security recommendations.

We recommend that you also consult advanced security guides. You may also wish to consult these emergency support resources.

Because of the serious nature of the digital threats that you may face, we encourage you to contact an expert. There is simply no substitute.

Being targeted with advanced spyware is an indication that you may also face concerns for your physical safety. You may wish to seek expert assistance, or consult online resources about practical steps that you can take.

QUESTIONS AND ANSWERS

AM I INFECTED? WAS I INFECTED?

It is very difficult to tell if a phone was or is infected with sophisticated spyware without expert forensic analysis. If you are in civil society, The Citizen Lab may be able to help. If you are not within our mandate, you may wish to engage professional experts to assist you. However, you may still not receive a conclusive answer.

WHAT SORT OF INFORMATION MAY HAVE BEEN TAKEN

Without a forensic analysis of artefacts from your device it may be difficult to determine what was taken. However, in general, spyware of this type generally targets your messaging logs, call activity, and contacts, as well as other information on your device. It is a good rule of thumb to assume that a commercial spyware operator may be able to access and do anything you can do on your device, including encrypted messaging. An attacker may also be able to do some things you can’t, such as remotely activating your microphone and camera.

WILL CHANGING MY PHONE NUMBER PROTECT ME?

The attacker likely knows your current telephone number, and may seek to target accounts associated with it in the future. However, changing to a new number does not guarantee safety in the future, as the attacker may simply learn your new number.

CAN THE CITIZEN LAB HELP ME?

If you are a member of civil society, the Citizen Lab may be able to assist you with next steps, and further investigate your case (see: Are You A Member of Civil Society?). However, providing technical support, advice, or recommendations to individuals NOT within civil society is generally outside of the Citizen Lab’s mandate.

ABOUT THE CITIZEN LAB

The Citizen Lab is an independent research laboratory based at the Munk School of Global Affairs & Public Policy at the University of Toronto. Our research includes tracking digital threats against civil society including mercenary spyware.

More information about The Citizen Lab is available here.

There are other organizations that work on research on targeted threats, including Access Now and Amnesty International. Please visit their websites to learn more about their investigations into this topic.