The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada focusing on advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security.

In Focus

An Analysis of the International Code of Conduct for Information Security

As the United Nations General Assembly begins its milestone 70th session, international digital security is high on the agenda. One starting point for discussion is likely to be the International Code of Conduct for Information Security (the “Code”). This analysis explores how the Code has developed over time, the impetus behind the changes made, and the potential impact of the Code on international human rights law and its application. It is accompanied by an interactive comparison of the 2015 and 2011 versions of the Code.

Are the Kids Alright? Digital Risks to Minors from South Korea’s Smart Sheriff Application

This report describes the results of two independent security audits of Smart Sheriff, one by researchers who collaborated at the 2015 Citizen Lab Summer Institute (held at the Munk School of Global Affairs, University of Toronto), and the other by the auditing firm Cure53. The combined audits identified twenty-six security vulnerabilities in recent versions of Smart Sheriff (versions 1.7.5 and under). These vulnerabilities could be leveraged by a malicious actor to take control of nearly all Smart Sheriff accounts and disrupt service operations.

London Calling: Two-Factor Authentication Phishing From Iran

This report describes an elaborate phishing campaign using two-factor authentication against targets in Iran’s diaspora, and at least one Western activist.

Research News

Call From London: Two-Step Password Phishing From Iran

This report examines a growing campaign of phishing attacks against users across Iran and at least one attack on a Western activist. These attacks attempt to bypass the additional security provided by Google's two-step verification, and they rely extensively on phone calls and real-time login attempts by the attacker. Interestingly, these attacks generally began with a phone call from the United Kingdom, and the hackers communicated in either Persian or English.

Canada’s Quiet History Of Weakening Communications Encryption

This article, written by Postdoctoral Fellow Christopher Parsons and CIPPIC Staff lawyer Tamir Israel, analyzes how successive federal governments of Canada have actively sought to weaken the communications encryption available to Canadians. The article covers regulations imposed on mobile telecommunications providers, state authorities’ abilities to compel decryption keys from telecommunications providers writ large, and Canada’s signals intelligence agency’s deliberate propagation of flawed encryption protocols.

Every Rose Has Its Thorn: Censorship and Surveillance on Social Video Platforms in China

In this paper presented at USENIX FOCI 2015 we use reverse engineering to provide a view into how keyword censorship operates on four popular social video platforms in China: YY, 9158, Sina Show, and GuaGua. We also find keyword surveillance capabilities on YY. Our findings show inconsistencies in the implementation of censorship and the keyword lists used to trigger censorship events between the platforms we analyzed. We reveal a range of targeted content including criticism of the government and collective action. These results provide evidence that there is no monolithic set of rules that govern how information controls are implemented in China.

Information Controls Research at FOCI 2015

At the 2015 USENIX Free and Open Communications on the Internet (FOCI) workshop, held in Washington DC on August 10, Citizen Lab and collaborators present three papers.

The papers include an investigation of censorship and surveillance on China’s most popular social video platforms, an updated analysis of China’s Great Cannon, and an examination of securing cookie-based identifiers from passive surveillance.


Lab News

Irene Poetranto at Colombia’s Internet Governance Forum

Citizen Lab Communications Officer and Researcher Irene Poetranto is speaking at a number of cybersecurity events in Latin America, including the second annual Colombian Internet Governance Forum.

Jason Q. Ng speaks to the China Economic Review on UC Browser vulnerabilities

Citizen Lab Senior Research Fellow Jason Q. Ng spoke to the China Economic Review on the findings of the UC Browser report, and the impact of security vulnerabilities on users.

Morgan Marquis-Boire at infosec conferences

Morgan Marquis-Boire at the Strange Loop Conference, t2’15 conference, and Black Hat Executive Summit.

The Citizen Lab wins 2015 Pioneer Award

The Citizen Lab is one of the winners of the 2015 Pioneer Award, awarded by the Electronic Frontier Foundation (EFF).
