UAE chat application took a government spying tool
A chat application that quickly became popular in the United Arab Emirates to communicate with friends and family is actually a spying tool used by the government to track its users, according to a report.
The government uses ToTok to track conversations, locations, images and other data of those who install the application on their phones, The New York Times reported, citing US officials familiar with a classified intelligence assessment and the newspaper's own investigation.
Emirates has long blocked Apple's FaceTime, Facebook WhatsApp and other calling applications. The Emirati media have been playing ToTok as an alternative for expatriates living in the country to call their loved ones for free.
The Times says that ToTok is a few months old and has been downloaded millions of times, with most of its users in the Emirates, a federation of seven US allied sheikhs in the Arabian Peninsula.
Government surveillance in the Emirates is prolific, and it has long been suspected that the Emirates use so-called "zero-day" exploits to attack human rights activists and others.
Zero-day farms can be expensive to obtain on the black market because they represent software vulnerabilities for which solutions have not yet been developed.
The Times described ToTok as a way to give the government free access to personal information, as millions of users are voluntarily downloading and installing the application on their phones and giving blind permission to enable features.
As with many applications, ToTok requests location information, supposedly to provide accurate weather forecasts, according to the Times. It also requests access to contacts on a phone, supposedly to help users connect with friends. The application also has access to microphones, cameras, calendar and other data.
A security expert who said he analyzed the application for the Times, Patrick Wardle, said that ToTok "does what it says to do" as a communications application, which is the "genius" of the application if used as a spy tool. . "No exploits, no backdoors, no malware," he wrote in a blog post. The application can obtain information about users through common functions.
In a blog post on Monday, ToTok did not respond directly to the Sunday Times report, but said that with "reference to the rumors circulated today about ToTok," the goal of the creators of the application was to create reliable and easy-to-use communication. platform. The publication said that ToTok had high security standards to protect user data and a privacy framework that complied with local and international legal requirements.
ToTok said the application was temporarily unavailable in the Google and Apple app stores due to a "technical problem."
The Times says that, according to a technical analysis and interviews with security experts, the company behind ToTok, Breej Holding, is probably affiliated with DarkMatter, an Emirati cybersecurity company that has hired former CIA analysts and the Agency of National Security and has close commercial ties The Emirati government.
Emails sent to ToTok through its website and to the embassy of the Emirates in Washington were not immediately returned.