Hacking Team's RCS Android May Be the Most Sophisticated Android Malware Ever Exposed
An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages.
Hacking Team says it sold its surveillance and intrusion software strictly within the law.
You are all cows. Cows say moo. MOOOOOOO! MOOOOOOOO! Moo cows MOOOOOOO! Moo say the cows. YOU COWS!!
Sold malware within the limits of the law? Whose law? Not my law. By my law a man looks another man in the eye before stabbing him in the heart, and doesn't sneak up on him to stab him in the back.
You are all cows. Cows say moo. MOOOOOOOO! MOOOOOOOO! Moo cows MOOOOOOOO! Moo say the cows. YOU COWS!!
Slashdot and commenters always like to talk walled-garden, over-priced devices, lacking technology, questionable labour practices and more. One thing Slashdot has never ever posted about is device exploits at any level. Perhaps if security and privacy are a concern, maybe iPhone isn't really such a bad option. I foresee someone replying with "Apple isn't a target because their user-base is so low".
Awesome. So when's the patch coming out?
Something that runs as root/administrator has access to all that data, no surprise. Maybe you mean the fact that somebody programmed a way to retrieve and view it all as the accomplishment, all that took was time for somebody to do it all.
Killing Jews was strictly within the law of Nazi Germany.
What is wrong is wrong. Within the law or outside of it, there are certain things that make you an asshole when you do it.
Supporting oppressive regimes is such a thing. Yes, it's legal to deal with them. Yes, it's legal to sell them your shit. Yes, you're still an asshole for doing so. A legal asshole if you want to, but at the end of the day, you're still just full of shit and nobody wants to touch you.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
"The spyware is delivered either via the aforementioned app, or via an SMS or email that contain a specially crafted URL that will trigger exploits for several vulnerabilities in the default browsers of Android versions 4.0 Ice Cream Sandwich to 4.3 Jelly Bean."
You are fucked. Either root your own device and upgrade to a new version/custom rom or just live with the fact that you will always stay vulnerable, at least until your next phone purchase.
Thank the phone carriers going forward for their forward thinking.
Hey, if there's any angry hackers out there, will someone please ruin these assholes' lives?
Because if anybody deserves to be fucked with by the internet, it's these clowns.
kthanksbye
Lost at C:>. Found at C.
Sounds like a lot of different Android apps. The Facebook app can do most of the same things, as can Chrome, and so on....
Is there a tool to check and see if you've been infected?
Just another shitty day on a shitty phone OS
The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.
This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.
LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.
A bunch of soulless, fascist fucks that have proven that they deserve to live in Guantanamo Bay as honored guests, like the rest of the terrorists residing there.
This is great for framing people you do not like. Hack their phone, upload some child porn to the device, then phone in an anonymous tip that you saw the victim looking at questionable content on his phone. Leave the back door around long enough to help unlock the device if the victim decides to lawyer up and make it difficult for the cops to get in.
I know there is for the PC, I'd like to see if I can catch some bitch trying to hack my phone. Thanks.
Never have I been so happy to have an old, old Nokia phone that can't load apps, doesn't run on iOS or Android, and is pretty much immune to all of this fancy hacker-bullshit. Yeah, maybe I'm a throwback, but at least I'm not worried about having my phone cornholed by some crap-ass company or hacker.
:)
No, I can't watch movies on my phone (that's what I have a TV for, hello?) and no I can't find out the temperature on Mars, but guess what? I don't want to.
I want to 1) make calls, 2) take calls, and 3) maybe take a picture now and then. Trying to hack my phone would be an exercise in frustration, lol.
Just cruising through this digital world at 33 1/3 rpm...
A dedicated, full time, paid set of software (and, presumably) hardware professionals with tens (or hundreds) of millions in revenue/funding with no fear of prosecution have managed to create effective software which uses exactly the same features that are available to the OS and app developers to collect data and phone home on the sly, while avoiding detection by people who are - mostly - entirely ignorant of the underlying system.
This is funded by the same people who can press a button and put a thousand pounds of high explosives, literally, through the front door of a building a thousand miles away in under 120 minutes, or 500lbs from 300 miles away in under 10 minutes.
It would be a story if they couldn't. (actually, it wouldn't - we'd call them typical incompetent government contractors).
Is it just my observation, or are there way too many stupid people in the world?
;)
these HT faggots deserve the most violent death, their families too, the employee as well, they should be dealt with hebdo style but with more time for torturing them. Of course everything goes on HD video and is then posted online as a lesson.
Years ago, Jewish State operatives kidnapped a moderate Jew in Italy (with the full co-operation of the Italian government) and took him back to Jewish State headquarters- Israel, where he is still held prisoner to this day. His 'crime'- exposure of the NUCLEAR WARHEAD manufacturing plants of Jewish State.
Hacking Team is another Jewish State operation in Italy, working as a semi-official front for GCHQ and the NSA. Google, which is owned and controlled by senior members of Jewish State, ensure Android is, by design, riddled with back doors that ensure the maximum amount of covert surveillance of smart-phones is possible.
Now as I hope most of you know, Jewish State operation Hacking Team provided weaponised software to the very worst Islamic State nations, including Somalia, Sudan and Saudi Arabia. Unlike modern SECULAR Muslim states like Syria, Libya and Iraq (before the US/NATO invasions), Islamic State nations legally define women as SLAVES - sub-Humans with no independent rights.
Jewish State and Islamic State are really the same thing, which is why Israel and Saudi Arabia have equal and total influence in Washington. Jewish State and Islamic State operate above the Laws of Man, hence the horrors of World War class weapons systems used against the civilian populations of Gaza and Yemen, with ABSOLUTE APPROVAL of both houses of US Congress. America is the political and military force behind both Islamic and Jewish State.
So, how does the EU, a Jewish State puppet, explain the legality of Hacking Team's support of the worst regimes in Human History? Ah, well, Iran is 'evil' and Russia is 'evil' because Jewish State spokesmen say so, so any act of terror against either nation is fine. Israel is the blood brother of the House of Saud, so any nation given the stamp of approval by Saudi Arabia is fine as far as the EU is concerned.
Dice is a Jewish State propaganda outlet (as as we well know, Dice's inherent criminality has led to the demise of the once great SourceForge). So Dice will continue to big-up criminal terrorist operations like Hacking Team, and continue to demonise Iran and Russia- two nations that are also the greatest opponents of the Jewish State/Islamic State alliance.
Why call it secure?
SSL is broken, most if not all security measures that were created many years ago are broken.
These mechanisms were created many years ago.. MANY!!! As a result, tech has caught up now and all of these methods are crap..
I find it funny that many people try to sweep it under the "rug" but we are here now..
What ya going to do about it?
"Hacking Team used fake app hosted on Google Play to install its spyware on Android devices"
For a minute there I thought Hacking Team/slashdot were going to dazzle me with their hacking-foo. How does remotely installing and running an app - and achieving root on a device - equate to tricking the user into downloading and installing a fake app?
Who do they think they are, the NSA? We'll show them what exceptional hackers are and bomb them off the face of the earth.