Researchers concluded that Collection Spyware manufacturer NSO used the real location data of thousands of people when it showed its new Fleming system to track the Coronavirus to governments and journalists.
NSO, a company notorious for selling governments access to the Pegasus spyware, earlier this year promoted its system, which aims to help governments track the spread of the coronavirus.
Fleming is designed to allow governments to feed location data from cell phone companies to visualize and track the spread of the virus.
NSO has demonstrated Fleming technology to several news outlets, which NSO says helps governments make public health decisions without compromising individual privacy.
In May, a security researcher discovered an exposed database storing thousands of site data points that NSO used to demonstrate how Fleming works.
The researcher informed the company about this, which secured the database, but said: The site data is not based on real data.
NSO’s claim that location data was not authentic is different from Reports Included in the media, who said: NSO has used location data obtained from data brokers in order to train the system.
Privacy expert (Tehilla Shwartz Altshuler) said: NSO told her that the data was obtained from data brokers, who sell access to huge groups of aggregate location data gathered from installed apps across millions of phones.
The researchers have published in Forensic Architecture, an academic unit at the University of London that studies and examines human rights violations. Their results, And concluded that the exposed data was most likely based on actual site data.
If the data were real, the researchers said, NSO violated the privacy of 32,000 individuals in several countries.
The researchers analyzed a sample of the exposed location data by looking for the patterns they expected to see with real people location data, such as: the concentration of people in major cities and measuring the time it takes people to travel from one place to another.
The researchers also found spatial irregularities that would correlate with real data, such as patterns generated by a phone trying to precisely locate it when the line of sight to a satellite is obstructed by tall buildings.
The researchers said: The data set is most likely not fake data and is not generated by the computer, but rather reflects the movement of actual individuals, perhaps from telecommunications companies or another source.
The data likely originated from mobile applications that used a combination of live GPS data, nearby wireless networks, and the phone’s built-in sensors to try to improve the quality of location data.
NSO rejected the researchers’ results, and said: We did not see the supposed examination and we have to wonder how these conclusions were reached, however, the experimental materials were not based on real data related to individuals infected with the Coronavirus.
She added: The Fleming System is a tool that analyzes data provided by users to assist healthcare decision-makers during this global pandemic, NSO does not collect any data for the system, and NSO has no access to the data collected.