Spyware Demo Shows How Spooks Hack Mobile Phones
An anonymous reader writes: Joe Greenwood, of cybersecurity firm 4Armed, recently gave a live demonstration of some of Hacking Team's leaked spyware to the BBC. Tracking Bitcoin payments, recording audio from the microphone of a locked device, and secretly gaining control of an infected phone's camera are just a few of the software's capabilities. The BBC reports: "Both Mr Greenwood and 4Armed's technical director, Marc Wickenden, said they were surprised by the sleekness of the interface. Both point out, though, that customers could be paying upwards of £1m for the software and would expect it to be user-friendly, especially if it was intended for use by law enforcers on the beat. For the tracked user, though, there are very few ways of finding out that they are being watched. One red flag, according to Mr Greenwood, is a sudden spike in network data usage, indicating that information is being sent somewhere in the background. Experienced spies, however, would be careful to minimize this in order to remain incognito."
... or in other words, foot patrol cops on a fishing expedition. Over and over again, the officials in our governments and law enforcement talk about how there are all these safeguards and how hard it is to use surveillance, and time (Snowden) and time (Hacking Team crack) again the reality shows them for the lying autocrats that they are.
I wish someone would have made sure that Hacking Team, and other companies like them, no longer were in business permanently. Instead, we are leaning the other way, with "terrorism experts" saying that private companies should have their own equivalents of Internet armies.
captcha: warped
How long will it take before some member of some enforcement organization somewhere in the world sells a copy of this to some other organization?
Huh?
I thought:
- all this stuff (including the tools source code) was looted from "The Hacking Team" and dumped on the net.
- A security researcher compiled it and tested it.
- And this article was about what he got it to do.
So it's already out there, right now! Anybody who snagged a copy and figured out how to compile and run it can now do this.
Have I misunderstood something?
THIS is why it's not a good idea for governments to fund building and perfecting such tools, and to encourage the installation, rather than removal, of backdoors and vulnerabilities. Eventually they leak. Then these advanced capabilities are available to script kiddies, crooks, enemy spies, the tyrannical security forces of even minor regimes, and every jealous spouse and malicious bully with a trace of technical savvy.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Yeah, the one really important detail - missed out.
My guess is that infection is not as easy as you might think - possibly physical access is required (no problem for the spooks, harder for the script kiddies).
How exactly did the phone get 'infected' in the first place?
From TFS:
especially if it was intended for use by law enforcers on the beat.
So when you get stopped by a cop, your pockets emptied and your car searched, one of the cops runs back to the patrol car with your phone, plugs it into a PC and loads the s/w.
Or some /. post just directs you to a BBC article with an infected Flash video.
Have gnu, will travel.