Slashdot Mirror


They're Spying On You: Hacking Team Mobile Malware, Infrastructure Uncovered

msm1267 (2804139) writes Controversial spyware commercially developed by Italy's Hacking Team and sold to governments and law enforcement for the purpose of surveillance has a global command and control infrastructure. For the first time, security experts have insight into how its mobile malware components work. Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Munk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting Hacking Team's Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. Adds reader Trailrunner7: [T]he report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. The new modules enable governments and law enforcement officers with extensive monitoring capabilities over victims, including the ability to report on their location, steal data from their device, use the device's microphone in real time, intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more.

5 of 48 comments

  1. Someday we will be required to have cellphones by Squidlips · Score: 4, Funny

    For our own protection of course. And that someday is coming soon. How much longer can Richard Stallman and I hold out on owning one of these dream (Stalin's) -machines?

  2. That's it by symes · Score: 4, Funny

    I'm dusting off my old Motorola 8000 DynaTAC.

  3. I call Alarmism by wannabgeek · Score: 4, Interesting

    I did RTFA and found this gem: "the iOS version of the RCS Trojans hits only jailbroken devices". Also
    “Once the sample is ready, the attacker delivers it to the mobile device of the victim. Some of the known infection vectors include spearphishing via social engineering – often coupled with exploits, including zero-days; and local infections via USB cables while synchronizing mobile devices,”

    So, ya, while this is bad, it is not in the same league as what NSA's surveillance of everyone and everything is.

    --
    I'm much more funny, interesting and insightful than the moderators think
  4. Pigs at the trough by Squidlips · Score: 3, Insightful

    So with so many bad actors all stealing our cellphone data, how do they avoid stepping on each other's toes? It must get crowded on our cellphones with all the malware competing for our data. Oink, oink

  5. iOS malware only works on jailbroken devices!! by Noah+Haders · Score: 3, Informative
    iOS malware only works on jailbroken devices!! FTFA:

    Taking a deeper dive into the malware, Kaspersky and Citizen Lab learned that the iOS version of the RCS Trojans hits only jailbroken devices. Pristine iPhones are also vulnerable if an attacker can remotely run a jailbreaking tool such as Evasi0n and then load the malware implant.

    So I know there will be a lot of shouts here of "see! iOS is vulnerable just like android!" This only works for people who have chosen to expose themselves to malware. Also raises a lot of questions about who are the secret teams behind these jailbreaking kits. Especially with the new news of the new jailbreaking kit out of China.

    don't jailbreak, don't get pwned.