NSO Group launched their tracking technology called “Fleming” in March 2020 amid Covid-19 cases arising worldwide.
Two months later, a database belonging to the Fleming program was found unprotected online.
The database contained more than five lakh data points for more than 30,000 unique mobile phones.
NSO Group quickly found the database when TechCrunch reported, but the Israeli company denied there was a security breach.
A sample of the open database was obtained and analyzed by Forensic Architecture, an academic unit at Goldsmiths, University of London, which suggested that the data was based on “real” personal data belonging to unknown civilians. ‘endangering their private information.
The sample of the open database we obtained contains over 149,000 data points … We examined the nature of the data: whether it was based on “real” personal data belonging to many unsatisfactory civilians and , if so, whether it was properly provided in a way that protects private identity, or if it was “difficult” data, ”the researchers said Wednesday.
“The spatial ‘anomalies’ in our sample – a common signature of highly mobile routes – further support our assessment that this is true data. Thus, the data does not appear to be dummy or computer-generated data, but reflects the movement of individuals, possibly obtained from telecommunications carriers or a third-party source. -party. “
The open data included location information from Rwanda, Israel, Saudi Arabia, the United Arab Emirates, and Bahrain, the researchers said.
NSO Covid-19 detection tracking software is designed to make it easier for governments to see the spread and spread of the virus by feeding location data from cell phone companies. He launched a strong attack on the system earlier this year.
NSO is better known for ‘Pegasus’ – malware sold to governments to allow remote infection and surveillance of private smartphones.