this post was submitted on 03 Sep 2025
184 points (97.9% liked)

Privacy

41550 readers
1125 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
Yayannick@lemmy.ml
ranok@sopuli.xyz
tmpod@lemmy.pt
184
ICE acquires Israeli spyware capable of hacking phones and encrypted apps (www.newarab.com)
submitted 5 days ago by PorcupineSlippers@lemmy.ml to c/privacy@lemmy.ml
39 comments fedilink hide all child comments
 

ICE acquires Israeli spyware capable of hacking phones and encrypted apps

ICE has reactivated a $2M contract for Israeli spyware Graphite, sparking fears of civil liberties after previous cases of misuse

Under Trump, ICE has seen its operations and powers vastly expanded [Getty] US Immigration and Customs Enforcement (ICE) are moving ahead with a multimillion-dollar contract for powerful Israeli-made spyware capable of hacking phones and encrypted messaging apps, drawing criticism from civil liberties groups and surveillance experts.

The $2 million deal with Paragon Solutions, the Israeli firm behind the Graphite spyware suite, was initially signed under the Biden administration in late 2024 but paused amid compliance reviews over privacy and security concerns.

According to The Guardian, the Trump administration has now lifted the pause, restoring ICE’s access to the tool and sparking a fresh debate over government surveillance powers.

Paragon’s Graphite software allows agencies to remotely penetrate smartphones, access encrypted applications such as WhatsApp and Signal, extract data, and even covertly activate microphones to turn devices into listening tools.

Critics warn the technology gives unprecedented surveillance capabilities to US immigration authorities at a time of heightened political and public scrutiny over civil liberty abuses by ICE.

The Washington Post reported that the pause was lifted following changes in Paragon’s ownership structure and the completion of federal regulatory reviews. The decision comes despite mounting evidence from rights groups and cybersecurity researchers about the risks of misuse, including against journalists and activists.

Earlier this year, researchers at the Citizen Lab, a cybersecurity watchdog based at the University of Toronto, discovered Graphite had been used to target the devices of journalists in Italy, including reporters from Fanpage.it, prompting a European investigation.

Italian officials denied any wrongdoing, but the revelations highlighted the growing global market for so-called "mercenary spyware" and the lack of transparency surrounding its deployment.

Related As ICE raids rise across US, attorney warns people to prepare

US affairs Brooke Anderson In Washington, civil liberties advocates have expressed alarm over the implications of ICE regaining access to such invasive technology. Nadine Farid Johnson, policy director at the Knight First Amendment Institute at Columbia University, urged lawmakers to act.

"Reports that ICE has renewed its contract with spyware vendor Paragon compounds the civil liberties concerns," Johnson said in a statement last week.

"Spyware like Paragon’s Graphite poses a profound threat to free speech and privacy. Congress must step in to impose clear limits and safeguards before these tools are used in ways that undermine constitutional rights."

The Guardian reported that ICE officials have defended the contract, insisting the spyware is used strictly for law enforcement purposes, such as targeting transnational criminal networks and human trafficking operations.

However, critics point to the lack of independent oversight mechanisms and the absence of public information about how frequently or against whom the software is deployed.

The Washington Post added that the reactivation of the Paragon deal may signal a more permissive stance by the Trump administration toward domestic surveillance technologies.

Past controversies over the use of spyware such as Pegasus, developed by the Israeli firm NSO Group, have already prompted calls for stricter regulation. The Biden administration previously blacklisted NSO after its tools were linked to the hacking of US diplomats’ phones.

Under Trump, ICE has seen dramatically expanded powers and funding, fuelling concerns about its growing politicisation.

Critics point to sweeping arrests, including of non-criminal migrants, and the use of tactics once considered off-limits, such as unmarked vehicles and plainclothes agents. Civil liberties groups warn that without oversight, the agency risks becoming a tool of political intimidation rather than law enforcement, especially with access to powerful surveillance technologies.

top 39 comments
sorted by: hot top controversial new old
[–] ComradePedro@lemmy.ml 47 points 5 days ago (3 children)

Fight Graphite with Graphene!

[–] mp3@lemmy.ca 32 points 5 days ago* (last edited 4 days ago) (1 children)

And more importantly, good OPSEC.

[–] mugita_sokiovt@discuss.online 12 points 5 days ago

On top of that, a local-first approach.

[–] SolarPunker@slrpnk.net 5 points 4 days ago

The problem is WhatsApp

[–] Cat_Daddy@hexbear.net 3 points 5 days ago (1 children)

Does that work, though? It's just a modified AOSP, so it might have the same issues as vanilla android.

[–] sunzu2@thebrainbin.org 5 points 5 days ago

It is the only one that was giving celebrite hard time last year.

But we don't really know.

But we deff know that others stand no chance.

[–] grey_maniac@lemmy.ca 29 points 5 days ago

Isn't ICE itself functionally a human traffic organization already?

[–] RhondaSandTits@lemmy.sdf.org 7 points 4 days ago (1 children)

Those meatheads will use it as another tool to abuse their wives and extract nudes from the classmates of their 15yo daughters

[–] sunzu2@thebrainbin.org 1 points 3 days ago

That's just the pork of the job...

They are the boot of the regime first and foremost.

[–] Dreaming_Novaling@lemmy.zip 6 points 3 days ago (1 children)

So like, genuine question to all of those saying no sim cards/e-sims and only use wifi with airplane mode on, how do you communicate with people on the go? Do you just wait until you're at a building with free Wi-Fi?

[–] sunzu2@thebrainbin.org 1 points 3 days ago

Not serious proposal at this point but you can at least turn off the cell nework when home etc.

it is about harm reduction just like drug use.

[–] amanneedsamaid@sopuli.xyz 22 points 5 days ago (1 children)

With my tax money... and only a negative impact on the average americans life...

[–] birdwing@lemmy.blahaj.zone 16 points 5 days ago (1 children)

Everyone's*.

When Trump does something, the rest of the world experiences the antisocial oligarch pedo's ruffles.

[–] quick_snail@feddit.nl 11 points 4 days ago* (last edited 4 days ago) (1 children)

Don't put a Sim card in your phone, folks.

Never take your phone out of airplane mode. Use WiFi.

[–] pineapplelover@lemmy.dbzer0.com 3 points 4 days ago (1 children)

What's wrong with sim cards?

[–] quick_snail@feddit.nl 7 points 4 days ago (2 children)

Broadband processors on your device are extremely vulnerable black boxes. Almost all of the attacks that Citizen Lab discovered come from this vector.

By not using a Sim card, you significantly decrease the surface area for attack, making yourself invulnerable to the majority of these zero days

[–] DieserTypMatthias@lemmy.ml 3 points 3 days ago

And also, the safest device is the one that's not connected to the Internet.

[–] pineapplelover@lemmy.dbzer0.com 0 points 3 days ago (2 children)

So it's not that esims are much safer, you're talking about cellular as a whole?

[–] sunzu2@thebrainbin.org 1 points 3 days ago

correct.. i am sure there is some difference between sim and esim but the real issue is connecting to cell network. it is designed to spy on you.

[–] quick_snail@feddit.nl 1 points 3 days ago

I'm not 100% sure, but I think the vulnerability is in the broadband processor.

[–] birdwing@lemmy.blahaj.zone 10 points 5 days ago (2 children)

Hold up, accessing Signal?

[–] quick_snail@feddit.nl 10 points 4 days ago* (last edited 4 days ago) (1 children)

If they breach the endpoint, it doesn't matter if it's e2ee.

Just avoid putting a sim card in your phone, and it eliminates almost all of these vectors.

[–] birdwing@lemmy.blahaj.zone 1 points 4 days ago (1 children)

So, what you're saying, is that one would have to use an e-sim rather than physical sim? To avoid a zero-day exploit? I find that hard to believe.

[–] quick_snail@feddit.nl 8 points 4 days ago (1 children)

Jesus no. I'm saying almost all of the exploits found by citizen lab are delivered by cell tower.

Don't connect to cell towers.

[–] pineapplelover@lemmy.dbzer0.com 2 points 4 days ago (1 children)

I find it hard to believe that they can decrypt Signal messages in-transit at the cell tower

[–] quick_snail@feddit.nl 7 points 4 days ago

They can't. They have zero days that push vulnerabilities down to you from the tower.

[–] tapdattl@lemmy.world 14 points 5 days ago (1 children)

Well I'm assuming if it can bypass the lock screen somehow it can pull encryption keys, or just let the user gain full access to the phone and open the signal app directly.

[–] birdwing@lemmy.blahaj.zone 8 points 5 days ago

That's fucking scary. Trump, Thiel, and every single fascist ally of him needs to get a treatment of eternal sleep.

[–] irotsoma@lemmy.blahaj.zone 10 points 5 days ago (1 children)

I don't really get how that's helpful for ICE. They don't investigate crime really. Shouldn't they know a person's immigration status based on their public records? What do they need private communications for to prove a person is in the country illegally?

This is a rhetorical question. I know why they want it, just it doesn't make sense for them to spend our money on for the things they're supposed to be tasked with doing.

[–] quick_snail@feddit.nl 15 points 4 days ago

They are the US fascist gustapo. Their funding just exploded, and so will their mission

[–] Ileftreddit@lemmy.world 4 points 4 days ago (1 children)

Is it just me or is getting all that for $2 million a pretty great deal? Still not cool, but I’d have thought the ability to totally eliminate privacy would have been more expensive

[–] strung6387@lemmy.ml 2 points 3 days ago (1 children)

It's not clear how the spyware gets onto the phone, though. Typically the user needs to download something that happens to have spyware in it. Unless the USA government includes this spyware in heretofore legitimate government apps so that a significant number of people install the spyware unintentionally, I don't see how this spyware is of practical value. Including it in government apps might be their plan, though, even though there is a high chance that the malicious app(s) would be banned. But the USA government could threaten Apple or Google into letting the app remain available for download. Dark times.

[–] Ileftreddit@lemmy.world 1 points 3 days ago

The US govt could just require it to be pre-installed on all devices

[–] DieserTypMatthias@lemmy.ml 1 points 3 days ago

Didn't Paragon work in the Linux kernel on NTFS drivers?

[–] cupcakezealot@piefed.blahaj.zone 1 points 3 days ago

that's a good way to get a lawsuit and inadmissible evidence.

[–] Mongostein@lemmy.ca 6 points 5 days ago

So how does Graphite work?

[–] sunzu2@thebrainbin.org -3 points 5 days ago (1 children)

Grapheneos is over kill for the normies 🤡

[–] pineapplelover@lemmy.dbzer0.com -1 points 4 days ago

Lockdown mode on iphone is fine as well