Paragon spyware

I am just learning about the advanced spyware Graphite, developed by an Israeli company, Paragon. It can effectively take over your phone and get through app encryption. It has now been issued to ICE by the Trump administration, apparently. Anti-spyware software will allegedly not be able to detect it. It has been used already to target journalists in over 20 countries, it appears. Does Norton have any comment on this?

@AG_Davies I have asked for someone at Norton to give an answer on this issue, as I am not a Norton employee and don’t have access to this type of information. What can we do to fend off Paragon? AI has done some digging around on its own, so here is a block quote of what it has to say. Personally, I have my phones set to restart themselves daily at a specific time, and I reboot my daily-use machines once in the a.m. and again before retiring at night.

*Note: AI isn’t always 100% accurate, so please do your own research and be proactive with its suggestions anyway.

> AI Overview
>
> While there is no single foolproof defense against highly sophisticated commercial spyware like Paragon’s Graphite, adopting a multi-layered approach to your digital security can significantly lower your risk. The most critical steps involve maintaining updated software, enabling advanced security modes, and practicing strict digital hygiene.
>
> Immediate actions for targeted users
>
> For those who believe they may be specifically targeted by Paragon, which has reportedly been used against high-value targets like journalists and activists, these measures are most crucial.
>
> 1. Use Lockdown Mode (iOS) or Advanced Protection (Android)
>
>   • On iPhone: Go to Settings > Privacy & Security > Lockdown Mode and turn it on. This severely restricts your phone’s functions to minimize the potential for exploitation, including blocking most message attachments and disabling wired connections when your iPhone is locked.
>   • On Android: Enable Advanced Protection Mode in your security settings to similarly harden your device against sophisticated attacks.
>
> 2. Reboot your device daily
>
> Regularly restarting your phone can disrupt certain zero-click attacks that lack persistence, forcing attackers to re-infect the device and potentially increasing the chances of detection.
>
> 3. Disconnect from vulnerable networks
>
> If you suspect an infection, temporarily put your phone in airplane mode or remove the SIM card to sever all network connections. This can interrupt active data exfiltration.
>
> 4. Consider disabling iMessage and FaceTime
>
> Both iMessage and FaceTime have been targeted by zero-click exploits in the past. If your threat model includes state-level actors, consider using other messaging apps and disabling these features.
>
> 5. Consult forensic experts
>
> For high-risk individuals, the most reliable course of action is to contact forensic security experts, such as those at the Citizen Lab or Group-IB, who have experience with these types of infections.
>
> General protective measures
>
> These practices enhance your overall security and make it much harder for commercial spyware to succeed.
>
> Keep all software updated
>
> Install updates for your device’s operating system and all applications as soon as they are available. These patches frequently fix the very vulnerabilities that spyware like Graphite and Pegasus exploit. Apple and WhatsApp have both released patches to mitigate vulnerabilities that Paragon spyware previously exploited.
>
> Use robust security software
>
> Install and regularly run a legitimate anti-spyware program from a trusted provider like Malwarebytes or SentinelOne. While they may not catch every state-level exploit, they add an important layer of defense.
>
> Secure your accounts
>
>   • Enable two-factor authentication (2FA) on all your important accounts.
>   • Use strong, unique passwords for every service to prevent a breach on one site from compromising other accounts.
>
> Practice safe browsing and messaging
>
>   • Never click on suspicious links in emails or text messages, especially from unknown senders.
>   • Be wary of downloads, as spyware can be hidden in malicious electronic documents and third-party apps. Stick to official app stores and trusted websites.
>   • Enable disappearing messages on apps like WhatsApp so that message histories are not permanently stored, protecting your contacts if their device is compromised.
>
> Protect your data and identity
>
>   • Use a VPN to encrypt your internet traffic and hide your IP address, making it harder to track your online activity.
>   • Delete your information from data broker websites, which collect and sell personal data that could be used by threat actors. Services like Privacy Bee and Optery can help automate this process.
>
> Be aware of your surroundings
>
>   • Avoid using unsecured public Wi-Fi networks, which are easy targets for hackers.
>   • Be careful about physical access to your device. Some security settings can make a device’s USB port a “dumb port” after it has been locked for a period of time, preventing physical access.

SA