Hacking Team's RCS Android May Be the Most Sophisticated Android Malware Ever Exposed
An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages.
Hacking Team says it sold its surveillance and intrusion software strictly within the law.
Sold malware within the limits of the law? Whose law? Not my law. By my law a man looks another man in the eye before stabbing him in the heart, and doesn't sneak up on him to stab him in the back.
Awesome. So when's the patch coming out?
>> if security and privacy are a concern, maybe iPhone isn't really such a bad option
Dude, is Google down today? http://lmgtfy.com/?q=iphone+ma...
Then look up WireLurker. Then MASQUE-D. And if you jailbreak a phone, pretty much all bets are off.
Killing Jews was strictly within the law of Nazi Germany.
What is wrong is wrong. Within the law or outside of it, there are certain things that make you an asshole when you do it.
Supporting oppressive regimes is such a thing. Yes, it's legal to deal with them. Yes, it's legal to sell them your shit. Yes, you're still an asshole for doing so. A legal asshole if you want to, but at the end of the day, you're still just full of shit and nobody wants to touch you.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Hey, if there's any angry hackers out there, will someone please ruin these assholes' lives?
Because if anybody deserves to be fucked with by the internet, it's these clowns.
kthanksbye
Lost at C:>. Found at C.
Sounds like a lot of different Android apps. The Facebook app can do most of the same things, as can Chrome, and so on....
Is there a tool to check and see if you've been infected?
Jailbroken iDevices are totally irrelevant. There have been zero exploits on non-JB devices that are widespread.
Also, Android isn't that insecure. A rooted Android device is just as secure as an unrooted one, assuming the user doesn't click "allow" on the su dialog. In fact, the latest su app won't allow apps to ask for root access unless the install permissions have PERMISSION_SUPERUSER present in the app manifest.
However, Android does have a permission model that is all or nothing, where a fleshlight app can ask for everything under the sun and there is no "allow, but not with those permissions" available.
Well, unless one downgrades to 4.x and uses XPrivacy, which solved the job quite well, as good as, if not better than, PMP on Cydia.
The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.
This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.
LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.
Never have I been so happy to have an old, old Nokia phone that can't load apps, doesn't run on iOS or Android, and is pretty much immune to all of this fancy hacker-bullshit. Yeah, maybe I'm a throwback, but at least I'm not worried about having my phone cornholed by some crap-ass company or hacker.
:)
No, I can't watch movies on my phone (that's what I have a TV for, hello?) and no I can't find out the temperature on Mars, but guess what? I don't want to.
I want to 1) make calls, 2) take calls, and 3) maybe take a picture now and then. Trying to hack my phone would be an exercise in frustration, lol.
Just cruising through this digital world at 33 1/3 rpm...
A dedicated, full time, paid set of software (and, presumably) hardware professionals with tens (or hundreds) of millions in revenue/funding with no fear of prosecution have managed to create effective software which uses exactly the same features that are available to the OS and app developers to collect data and phone home on the sly, while avoiding detection by people who are - mostly - entirely ignorant of the underlying system.
This is funded by the same people who can press a button and put a thousand pounds of high explosives, literally, through the front door of a building a thousand miles away in under 120 minutes, or 500lbs from 300 miles away in under 10 minutes.
It would be a story if they couldn't. (actually, it wouldn't - we'd call them typical incompetent government contractors).
Is it just my observation, or are there way too many stupid people in the world?
Walled garden makes no difference, as this apparently exploits old Android bugs to install itself.
The big difference is that Apple continues to support old devices with new versions of the operating system until the hardware becomes too outdated to run it. Android devices are lucky if they get two upgrades before the carrier or manufacturer declares them done.
And, yes, that's one reason I'm expecting to dump Android for Apple when Google stop supporting my Nexus tablet.
;)
>> Walled garden makes no difference, as this apparently exploits old Android bugs to install itself.
>> The big difference is that Apple continues to support old devices with new versions of the operating system until the hardware becomes too outdated to run it. Android devices are lucky if they get two upgrades before the carrier or manufacturer declares them done.
>> And, yes, that's one reason I'm expecting to dump Android for Apple when Google stop supporting my Nexus tablet.
Apple does stop supporting. My (no longer used) iPad is stuck on iOS 5.x.
Personally I believe device manufacturers should be held accountable for not pushing OTA updates to patch security exploits. At least for x number of years after releasing a device or Google stops patches for that version of Android. This is one reason I moved to a Nexus 6 from a Samsung Note 2. I was considering a Note 4 but I hate always being 2 versions behind in Android versions. Samsung claims they are working on 5.0.x for the Note 2 but if and when they push it out, Android M (5.2?) will be out. Sure I was already running 5.1 because I root. That's not the point. The point is that these companies being slow at pushing out OS updates is what's keeping so many people's devices at risk.