Slashdot Mirror

← Back to Stories (view on slashdot.org)

They're Spying On You: Hacking Team Mobile Malware, Infrastructure Uncovered

Posted by timothy on from the leviathan-has-a-posse dept.

msm1267 (2804139) writes Controversial spyware commercially developed by Italy's Hacking Team and sold to governments and law enforcement for the purpose of surveillance has a global command and control infrastructure. For the first time, security experts have insight into how its mobile malware components work. Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Monk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting Hacking Team's Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. Adds reader Trailrunner7: [T]he report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. The new modules enable governments and law enforcement officers with extensive monitoring capabilities over victims, including the ability to report on their location, steal data from their device, use the device's microphone in real time, intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more.

48 comments

  1. But... by Anonymous Coward · · Score: 1

    ...it's to keep us FREE! They said so.

  2. Someday we will be required to have cellphones by Squidlips · · Score: 4, Funny

    For our own protection of course. And that someday is coming soon. How much longer can Richard Stallman and I hold out on owning one of these dream (Stalin's) -machines?

    1. Re:Someday we will be required to have cellphones by Anonymous Coward · · Score: 1

      Stallinman is communist anyway.

    2. Re:Someday we will be required to have cellphones by Anonymous Coward · · Score: 0

      Yes, I'm an Anonymous Coward because they're watching. One wonders just how complicit Big Tech is in all of this. Do they provide back doors?

    3. Re:Someday we will be required to have cellphones by tlhIngan · · Score: 1

      For our own protection of course. And that someday is coming soon. How much longer can Richard Stallman and I hold out on owning one of these dream (Stalin's) -machines?

      Is it any surprise they're in Italy? Where the per-capita cellphone ratio is over 2? Yes, they really like their cellphones, and most people have two, or three. Work phone, play (domestic life) phone, and a third just because ("mistress" phone).

      Heck, the worldwide number of cellphones has recently exceeded the population of the world.

      And even though you have a cellphone, you can always turn them off or not have it with you. (I generally leave my cellphone at my desk, even if I wander off. Yes, I can be unreachable). It's like having a facebook account - just because you have one doesn't mean you have to post your entire life onto it - my facebook page just has a photo. I've never posted a single thing, nor do I intend to.

    4. Re:Someday we will be required to have cellphones by Anonymous Coward · · Score: 0

      Add British movie director Christopher Nolan to your list. He claims that he doesn't own a cellphone either. Now there's three of you.

    5. Re:Someday we will be required to have cellphones by Anonymous Coward · · Score: 0

      Doesn't mean there is no data on you.

      Maybe you are logged in to your facebook account, which means that every site you visit that loads the "like" button will be sent to facebook. They can analyze patterns there. Or just the people you have added in your facebook. That is some great information.

      Facebook, just as google, goes pretty deep.

    6. Re:Someday we will be required to have cellphones by Gr8Apes · · Score: 1

      which is why blacklisting both google and facebook locally is a good practice, just like washing your hands.

      --
      The cesspool just got a check and balance.
    7. Re:Someday we will be required to have cellphones by Gr8Apes · · Score: 1

      Own a cellphone, leave it in random locations, share it with friends, make things really confusing.

      --
      The cesspool just got a check and balance.
    8. Re:Someday we will be required to have cellphones by Anonymous Coward · · Score: 0

      which means that every site you visit that loads the "like" button will be sent to facebook

      Firefox + NoScript

    9. Re:Someday we will be required to have cellphones by antdude · · Score: 1

      I hope not. I still don't own a mobile phone like Richard Stallman. If it is enforced, will we get a cellphone for free? Was landline phone service ever required for Americans from the laws?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    10. Re:Someday we will be required to have cellphones by Anonymous Coward · · Score: 0

      Facebook has an image hosted on their servers for the like button. When you look at that image, Zuckerberg looks back at you. This is one of the few cases where APK's solution is actually good.

  3. Yawn by Anonymous Coward · · Score: 0

    OMG, are they spying on us? Who would have thought!

  4. They mention "uninstall" and "wipe" but not how to by Lexible · · Score: 1

    So: how to prompt such malware to uninstall itself on one's devices?

  5. When you go to the bathroom by Anonymous Coward · · Score: 0

    Take your phone...at least they will listen to the song of your people.

  6. That's it by symes · · Score: 4, Funny

    I'm dusting off my old Motorola 8000 DynaTAC.

  7. Victims? by jythie · · Score: 1

    Interesting choice of words there. 'Victims' and 'suspects' carry pretty different implications with them.

    1. Re:Victims? by disposable60 · · Score: 1

      Perspective - one side's Freedom Fighter is another's Terrorist. cf: LEO::Jack-booted Thug

      --
      You're looking for quotes? See my journal.
    2. Re:Victims? by Rob+the+Bold · · Score: 1

      Interesting choice of words there. 'Victims' and 'suspects' carry pretty different implications with them.

      It makes sense the way it's used. If someone is a "suspect" according to their government, that is someone suspected of a crime, then that government probably has straight-up legal means of eavesdropping on them. OTOH, someone who is being spied on via a surreptitiously installed piece of malware might be more properly called a "victim," since the implication is that the spying is being done in an extrajudicial manner by governments or other parties.

      Of course, one could be both victim and suspect. Or be spied on by more than one party.

      And of course, laws and regulations vary by country, which I add since surely some Slashdotter will feel compelled to point this out anyway. And that Slashdotter may not be named "Shirley".

      --
      I am not a crackpot.
  8. Re:They mention "uninstall" and "wipe" but not how by JaredOfEuropa · · Score: 2

    Better to not install it in the first place. The article mentions targeted attacks: "Once the sample is ready, the attacker delivers it to the mobile device of the victim. Some of the known infection vectors include spearphishing via social engineering – often coupled with exploits, including zero-days; and local infections via USB cables while synchronizing mobile devices". Sounds like stuff you can avoid with some care. They also mention that the trojan will not work on un-jailbroken iOS devices.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  9. If You Want to Be Safe & Secure Go With Micros by Anonymous Coward · · Score: 1, Funny

    Because Windows Phone is THE ONLY secure smart phone you can buy!

  10. Theft of services by Anonymous Coward · · Score: 0

    We need to be provided free unlimited internet access if these idiots are going to steal all of our paid for bandwidth. If I plug into someones electricity, I can be prosecuted for theft of services, same with their land lines, garbage removal, cable tv, etc... How is this different?

    1. Re:Theft of services by Squidlips · · Score: 1

      Nope. Sorry. You have to PAY for the privilege of being spied on. It is the American way.

    2. Re:Theft of services by Bob+the+Super+Hamste · · Score: 2

      It is the government, that is why! Now shut up and provide the agents the necessary resources to violate your rights.

      The biggest problem I see in perusing such charges is finding out who put it there. After that you would need to find a court that will rule in your favor and not be swayed by we need to stop those communist fascist terrorist kiddy diddlers arguments.

      --
      Time to offend someone
    3. Re:Theft of services by Anonymous Coward · · Score: 0

      American way
      Italy's Hacking Team
      has a global command and control
      326 servers outed in more than 40 countries
      Monk School of Global Affairs at the University of Toronto
      during an event in London

  11. Will upgrading iOS remove this? by oddbox · · Score: 1

    How do you think an upgrade / restore will deal with this? The article says that non-jailbroken devices are safe, unless a connected computer jailbreaks it first. Don't Apple have means to discover if a device has been jailbroken, and thus remove all such malware during a proper upgrade or restore? What do you guys think? And, what about how to discover such a hack, now that they are known?

    1. Re:Will upgrading iOS remove this? by DocSavage64109 · · Score: 1

      The one time I jailbroke my phone, I couldn't update it to the newest iOS. This attack seems rather easy to notice if your phone suddenly refuses to allow any updates.

    2. Re:Will upgrading iOS remove this? by grub · · Score: 1

      Some apps have jailbreak detection and will not run, or issue a warning, on jailbroken iOS devices. An app called "Divide" used for keeping work data via MS Exchange (mail, contacts, calendar, etc.) separate from your normal stuff is one.

      --
      Trolling is a art,
  12. I call Alarmism by wannabgeek · · Score: 4, Interesting

    I did RTFA and found this gem: "the iOS version of the RCS Trojans hits only jailbroken devices". Also
    “Once the sample is ready, the attacker delivers it to the mobile device of the victim. Some of the known infection vectors include spearphishing via social engineering – often coupled with exploits, including zero-days; and local infections via USB cables while synchronizing mobile devices,”

    So, ya, while this is bad, it is not in the same league as what NSA's surveillance of everyone and everything is.

    --
    I'm much more funny, interesting and insightful than the moderators think
  13. info@hackingteam.com by Anonymous Coward · · Score: 0

    Via della Moscova 13 20121 - Milano - Italy - Ph. +39 02 29060603 Fax +39 02 63118946

  14. Pigs at the trough by Squidlips · · Score: 3, Insightful

    So with so many bad actors all stealing our cellphone data, how do they avoid stepping on each others toes? It must get crowded on our cellphones with all the malware competing for our data. Oink, oink

    1. Re:Pigs at the trough by Errol+backfiring · · Score: 1

      They don't. They operate at different levels, so they may be listening to an extra "backup" data flow. I rather think they use each other. It is too convenient for "intelligence" agencies not to tap into the already existing camera and audio feed from another spy.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    2. Re:Pigs at the trough by AHuxley · · Score: 1

      Some get given a free mirror of your nations backhaul (NSA, GCHQ).
      Some get given a free mirror of your cities telco towers (federal law enforcement, your mil).
      Some have to use devices at the street level that become a fake cell tower to track people.
      At every level of international, national or local clandestine surveillance you have groups, individuals and multinationals with products and survives to sell, rent or service.
      Your average telco is also bound by international conventions to use standard junk encryption and surveillance friendly telco equipment.
      The cash flows from every level of law enforcement and the mil for new products and services to track dissidents, protesters as they are found or long term.
      The fact that dissidents, protesters are so open to interviews, blog, web 2.0 makes any digital device, service they use a way in.

      --
      Domestic spying is now "Benign Information Gathering"
  15. iOS malware only works on jailbroken devices!! by Noah+Haders · · Score: 3, Informative
    iOS malware only works on jailbroken devices!! FTFA:

    Taking a deeper dive into the malware, Kaspersky and Citizen Lab learned that the iOS version of the RCS Trojans hits only jailbroken devices. Pristine iPhones are also vulnerable if an attacker can remotely run a jailbreaking tool such as Evasi0n and then load the malware implant.

    So I know there will be a lot of shouts here of 'see! iOS is vulnerable just like android!" this only works for people who have chosen to expose themselves to malware. also raises a lot of questions about who are the secret teams behind these jailbreaking kits. Especially with the new news of the new jailbreaking kit out of china.

    don't jailbreak, don't get pwned.

    1. Re:iOS malware only works on jailbroken devices!! by Lexible · · Score: 2
      And you also answer the question by way of spreading FUD about taking control of one's own general purpose computer like a complete jackass.

      My question was: given that the researchers identified ways to uninstall/trigger wipes of the malware from one's phone, how does one go about doing so? "Don't jailbreak an iphone." is not an adequate answer to that question.

    2. Re:iOS malware only works on jailbroken devices!! by Noah+Haders · · Score: 1

      Actually the FUD is in the summary, where it says that android and iOS phones are vulnerable. it's more accurate to say androids and jailbroken iPhones. if you haven't jailbroken your iPhone, then according to this research it is not vulnerable. This is just anti-apple FUD to tear them down.

      in terms of avoiding malware, the suggestion "don't jailbreak your iPhone" is actually an excellent suggestion. Kinda like a strategy to avoid STDs: "don't sleep with whores". for all that slashdot raves about the safety of open source code etc, you think there would be more caution about running unknown code from unknown developers whose purpose is to override your phone's security settings.

    3. Re:iOS malware only works on jailbroken devices!! by AHuxley · · Score: 1

      Re "don't jailbreak, don't get pwned." would be great if the jailbreak aspect was complex and had a few GUI steps that a user would see or have to be fooled into doing.
      Another computer or person can "jailbreak" a device of interest in a way that the person been watched would not be aware of.
      ie you get the users password and its a background like task that is never noticed. ie infect the computer, then you get details on the connected devices, then you can jailbreak. No user interaction needed :)

      --
      Domestic spying is now "Benign Information Gathering"
  16. I am no longer responsible for what goes across by Anonymous Coward · · Score: 0

    With this many bad actors having access to our devices, how can any court or capable attorney allow any defendant to be prosecuted for what is on their phone or other device. I would think reasonable doubt would exist when it can be shown that multiple outside people/companies have full access to remove and place files on our phones.

    1. Re:I am no longer responsible for what goes across by AHuxley · · Score: 1

      As the news from the US shows with "parallel construction" all the digital aspects are cleaned up before any defendant and their legal team get a look at a case presented by the gov.
      Local law enforcement know federal/mil/contractor/private sector help with "parallel construction" is totally wrong. The local law enforcement put on a good show to hide the origins of cases or try to seal early case work and present more legally sound evidence.
      Thankfully whistleblowers, good legal teams, law reform groups, politicians and the press are now more aware of the role federal/mil/contractor/private sector play in the court cases.
      The other method is the idea of a sealed court where a gov expert just presents the logs/digital aspect without public comment or any legal challenge.

      --
      Domestic spying is now "Benign Information Gathering"
  17. Re:They mention "uninstall" and "wipe" but not how by Lexible · · Score: 1

    Way to not answer the question by way of spreading FUD about taking control of one's own general purpose computer, jackass. My question was: given that the researchers identified ways to uninstall/trigger wipes of the malware from one's phone, how does one go about doing so? "Don't jailbreak an iphone." is not an adequate answer to that question.

  18. Leave Britney Alone! by ozzy85 · · Score: 1

    What more do you want to know about her, myself, and my lolcat?

  19. Broken Link in Article by NerdyLove · · Score: 1

    The link is broken for me, should be http://threatpost.com/researchers-go-inside-hackingteam-mobile-malware-command-infrastructure.

    1. Re:Broken Link in Article by NerdyLove · · Score: 1

      Eh, it's working now with /106827. Must have been slashdotted. Sorry!

  20. Nope:iOS malware only works on jailbroken devices by Lexible · · Score: 1

    I notice that you are still not answering the question How to wipe an infected device. Is basic reading comprehension too challenging for you?

  21. Re:They mention "uninstall" and "wipe" but not how by AHuxley · · Score: 1

    What are the options for a uninstall/trigger wipe?
    Could a unique telco call carry the needed 'off' layer without "ringing"/user been notified?
    Could wifi be turned on and a site visit in range send the "off" instruction from a street, shop, cafe?
    Could net connection be used to send the "off" instruction?
    Could malware in a users computer be waiting to issue that command next time connected?
    Consumer devices have many options to connect :)

    --
    Domestic spying is now "Benign Information Gathering"
  22. Re:Nope:iOS malware only works on jailbroken devic by Noah+Haders · · Score: 1

    short answer, you can never know that the phone has been sanitized. First, you'll never even know if you've been infected. Then, even if you go back to a full phone wipe, who knows what was planted in the BIOS or something. Basically, you have to throw out the phone, because it's been pwned 4evar.

  23. Jailbroken claim rat-trap? by Anonymous Coward · · Score: 0

    I'm not saying people should jailbreak their phones to *avoid* this. Clearly jailbroken phones are less secure in some ways than those that are not, but to me this is the equivalent of Microsoft saying "don't crack our software, you'll be safer", when they're long, long since known to be government bend-overs.

  24. Keep Your Messages Private -- With IONU by rowyn_vanm · · Score: 1

    By downloading IONU's app, or installing it on your computer, you don't have to worry about who will see your messages. IONU offers an encrypted messaging service so you can ensure that your message doesn't end up in someone else's hands. Learn more about IONU and download it here: https://ionu.com/download