Researchers Uncover Android Malware With Never-Before-Seen Spying Capabilities (arstechnica.com)

← Back to Stories (view on slashdot.org)

Researchers Uncover Android Malware With Never-Before-Seen Spying Capabilities (arstechnica.com)

Posted by BeauHD on Tuesday January 16, 2018 @09:30AM from the all-encompassing dept.

An anonymous reader quotes a report from Ars Technica: According to a report published Tuesday by antivirus provider Kaspersky Lab, "Skygofree" is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares. With 48 different commands in its latest version, the malware has undergone continuous development since its creation in late 2014. It relies on five separate exploits to gain privileged root access that allows it to bypass key Android security measures. Skygofree is capable of taking pictures, capturing video, and seizing call records, text messages, gelocation data, calendar events, and business-related information stored in device memory. Skygofree also includes the ability to automatically record conversations and noise when an infected device enters a location specified by the person operating the malware. Another never-before-seen feature is the ability to steal WhatsApp messages by abusing the Android Accessibility Service that's designed to help users who have disabilities or who may temporarily be unable to fully interact with a device. A third new feature: the ability to connect infected devices to Wi-Fi networks controlled by attackers. Skygofree also includes other advanced features, including a reverse shell that gives malware operators better remote control of infected devices. The malware also comes with a variety of Windows components that provide among other things a reverse shell, a keylogger, and a mechanism for recording Skype conversations.

102 comments

Min score:

Reason:

Sort:

Kaspersky Lab by Anonymous Coward · 2018-01-16 09:37 · Score: 0

Isn't "surveillance ware" what they do?
1. Re:Kaspersky Lab by Anonymous Coward · 2018-01-16 09:40 · Score: 2, Interesting
  
  No that'd be NSA/Googlesoft :)
2. Re:Kaspersky Lab by Anonymous Coward · 2018-01-16 09:51 · Score: 0
  
  Like twitter? I love the amount of silence from the "editors" on this aside from the expected Miss Mash bash story on Veritas.
3. Re:Kaspersky Lab by hashish · 2018-01-16 11:54 · Score: 1
  
  Maybe it is a case of 'have to be a thief to catch a thief'.
4. Re:Kaspersky Lab by Anonymous Coward · 2018-01-16 14:26 · Score: 0
  
  > Isn't "surveillance ware" what they do?
  Do they? Or did they fail to join the noble efforts of NSA etc. and therefore became "persona non grata"?
5. Re: Kaspersky Lab by Anonymous Coward · 2018-01-16 23:49 · Score: 0
  
  +1
Sounds as nasty as veriato / spector by TigerPlish · 2018-01-16 09:39 · Score: 1

I find such things immensely distasteful. >.
Hm. Gives me an idea for an app! appy app apps!

--
The "Civilized World" jumped the shark ca. 1973.
Doesn't make up for hacking our computers by Anonymous Coward · 2018-01-16 09:50 · Score: 0

Kaspersky can publish all the reports they want.
No responsible IT professional will trust this known Russian government surveillance company into their network knowingly.
1. Re:Doesn't make up for hacking our computers by Anonymous Coward · 2018-01-16 09:54 · Score: 0
  
  why?
2. Re:Doesn't make up for hacking our computers by Opportunist · 2018-01-16 09:58 · Score: 2
  
  "Known"? The Annoying Orange claiming something is now "known"?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
3. Re:Doesn't make up for hacking our computers by SonarNerd · 2018-01-16 10:24 · Score: 4, Insightful
  
  Your local government(s) exactly want you to think that way, so that you don't use those tools that would detect their malware. They can silence local tool vendors using National Security Letters. But not these kind of foreign ones.
  If you read the story, mostly Italians are infected, with a malware made by Italian company and likely used by Italian intelligence agencies...
4. Re:Doesn't make up for hacking our computers by Anonymous Coward · 2018-01-16 10:32 · Score: 0
  
  Some sense on Slashdot. How increasingly rare!
5. Re:Doesn't make up for hacking our computers by mark-t · 2018-01-16 10:41 · Score: 1
  
  For values of "known" == "alleged" or even "highly suspected", perhaps.
  
  --
  File under 'M' for 'Manic ranting'
6. Re:Doesn't make up for hacking our computers by Anonymous Coward · 2018-01-16 11:27 · Score: 0
  
  "Known"? The Annoying Orange claiming something is now "known"?
  So Russians are OK when Trump calls them bad, but they're, oh, maybe, say, an evil empire trying to take over the world when, oh, say Hillary Clinton says so?
  Damn, didn't someone say "The 1980s called and want their foreign policy back"?
7. Re:Doesn't make up for hacking our computers by Opportunist · 2018-01-16 11:45 · Score: 1
  
  Where does she enter the equation?
  Is it possible in your little black-and-white world that thinking the Annoying Orange is simply and plainly a loonie doesn't automatically mean that I consider the bitch any better? You had an election last year, but no choice.
  Back on topic: You wanted to show me some kind of proof that Kaspersky is spying for the Russians.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
8. Re:Doesn't make up for hacking our computers by Anonymous Coward · 2018-01-16 12:46 · Score: 0
  
  >Where does she enter the equation?
  It's cause she won't shutup and go away like the two-time presidential race candidate loser that she is.
9. Re:Doesn't make up for hacking our computers by Opportunist · 2018-01-16 12:57 · Score: 1
  
  Whatever. Am I going to hear where Kaspersky is spying for Russia?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
10. Re:Doesn't make up for hacking our computers by Anonymous Coward · 2018-01-16 13:46 · Score: 0
  
  Because your orange god-emperor's master is a super-douchebag?
  wtf?
  You trumpanzees are breaking records in retardation levels.
11. Re:Doesn't make up for hacking our computers by HiThere · 2018-01-16 14:27 · Score: 1
  
  OK. I think there's a fair chance that Kaspersky is spying for Russia, at least occasionally. Now ask me about AT&T, or someone else, because it's not like that makes them different from any other company. Russia spying on me is a less direct threat than some US agency doing so.
  It's quite appropriate to say than on US classified work should be done on any device running Kaspersky software. But I doubt than any British or Japanese company should trust software from the US.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
12. Re:Doesn't make up for hacking our computers by gl4ss · 2018-01-16 16:16 · Score: 1
  
  two sides.
  it's true anyways.
  however, I suspect google paid them off to emphasize accessibility service use, so google can remove it and cite that as reason.
  because you know, if you have root, they can get the views without the accessibility server as well(this is necessary so they get the text fields contents without having to screencap the entire thing, which would work just as fine for spying as well).
  and yes I have written an accessibility service for android - it was necessary so that I could know what app is in foreground, it's necessary because google removed other options for knowing that. it's a kiosk mode application/manager so it's not really any security issue to the user as such..
  
  --
  world was created 5 seconds before this post as it is.
13. Re:Doesn't make up for hacking our computers by Anonymous Coward · 2018-01-16 17:54 · Score: 0
  
  I love your language nothing says liberal like mocking people for their appearance it is very noble.
  I think you people would rather another Bush be in office than Trump because he did not take donations from enemies foreign and domestic like your hero Hillary did.
  Regardless of Trump's behavior he seems to be getting some results But who has time to look up facts when you are so busy keeping up on the latest insults a noble en devour i am sure.
  Trump won because of the left's arrogance and he will win again cause you people never stop.
14. Re:Doesn't make up for hacking our computers by Opportunist · 2018-01-16 22:41 · Score: 1
  
  So "there is a fair chance" is now translated to "it is known fact"?
  What we have is allegations from the annoying orange. That's it. Their response was to have their source code audited for any possibility of collaboration with any state actor, which is more than I could say for Microsoft, Symantec or McAfee.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
15. Re: Doesn't make up for hacking our computers by Anonymous Coward · 2018-01-17 10:38 · Score: 0
  
  Hahahahaha... my sides... the words Trump and facts in the same sentence. Whew.. seriously though, we are living in a post facts society now. Science is dead. One need only declare something to make it so.
Three questions... by Blinkin1200 · 2018-01-16 09:58 · Score: 4, Interesting

1 - How can I tell if I'm infected?
2 - Where can I get it?
3 - How much does it cost?
for testing purposes...
1. Re:Three questions... by AHuxley · 2018-01-16 13:44 · Score: 1
  
  As a thought experiment? A fictional movie script?
  1. Police, security services or special forces at the door with vans waiting outside.
  
  2.. That needs some research. Go to a library and write out a long list on paper of a nations most sensitive mil/industrial/research/medical sites, contractors/gov services, mil sites, mil ports.
  Dont do that research online.
  
  Buy a small number of new cell phones that have a lot of community software and hardware support to see what the cell phone hardware and OS is doing in real time.
  Create new accounts. Use a language setting that fits in well with faiths/cults the security services are always interested in.
  Use a face for the new account profile that is new to the internet. An non internet art project to get that real new profile looking very real.
  Use more art to create a small group of new friends to link too. Same language and faith on a few other new account cell phones.
  Keep the collection of new cell phones with their created accounts near each other around a room. Seat spacing around a table is good.
  
  Use any good encrypted search engine with a free map function and start searching online down the list of sites, locations with a cell phone.
  Have some way of seeing realtime changes to the cell phone its OS, its CPU use, data flow.
  
  3. Its free, the security services will upgrade the networked cell phone doing the searching.
  See what changes on the cell phone and its average data flow in/out using external advanced software and hardware to keep track of the cell phone OS, data use in real time.
  
  See if the OS user brand tools, settings in the cell phone show the same data/network changes.
  Test the mic with hardware to see when its turned on by malware. Play back a speech in a language that most interests the security services. See how the mic settings change, mic activates at an OS level in the cell phone.
  
  If I was writing a movie script that is what I would format in a montage. Buying the hardware in an electronics store with cash, and getting the open source OS tracking software needed.
  The profile art work.
  A pile of books and the handwriting of names, locations to induce the gov/mil malware to be used.
  Then the use of the cell phone to search the forbidden brands, locations and the spike in cell phone activity as the gov/mil malware becomes active.
  
  --
  Domestic spying is now "Benign Information Gathering"
2. Re:Three questions... by n329619 · 2018-01-16 15:23 · Score: 3, Informative
  
  1 - How can I tell if I'm infected?
  When you downloaded and installed the app.
  If you don't know if you downloaded or installed the app, you can tell it when your android device phoning home to a few ip like 54.67.109.199, or when it has one of these services that you do not initially have (AndroidAlarmManager, AndroidSystemService, AndroidSystemQueues, ClearSystems, ClipService, AndroidFileManager, AndroidPush, RegistrationService) or when your nonrooted device is somehow rooted. Source
  
  2 - Where can I get it?
  Go the Kaspersky Lab Research Report from the article, look at the bottom and find those links yourself.
  Disclaimer, your warranty is now void. This comment is not responsible for anything that may happen to your phone by installing the app. You do it at your own risk and take the responsibility upon yourself and you are not to blame the poster or anyone else.
  
  3 - How much does it cost?
  free as in herpes.
Android what a JOKE!!! by Anonymous Coward · 2018-01-16 10:07 · Score: 0, Funny

I will stick to a safe and professionally coded software like iOS, which is real Unix.
1. Re: Android what a JOKE!!! by Anonymous Coward · 2018-01-17 04:29 · Score: 0
  
  "coded"? Found the luser.
Sounds nasty by DigitAl56K · 2018-01-16 10:08 · Score: 5, Insightful

... and let me guess, 90%+ of Anrdoid devices today will never receive updates that close all the exploits this thing takes advantage of.
Android: For when you want to receive only semi-regular security updates for only a handful of models from a few manufacturers for a few years tops.
1. Re: Sounds nasty by Anonymous Coward · 2018-01-16 12:24 · Score: 0
  
  Yup, nobody will every get the security updates that don't require complete OS upgrades!
  What kind of stupid design would require an entire os upgrade to get security patches? Literally no os does that because it's a stupid idea
2. Re:Sounds nasty by Anonymous Coward · 2018-01-16 13:24 · Score: 0
  
  Or you could just install LineageOS on your phone. No spyware and keep getting updates for years.
3. Re:Sounds nasty by Anonymous Coward · 2018-01-16 13:36 · Score: 0
  
  Do those updates patch the root holes? I don't understand why Android allows root holes?
4. Re:Sounds nasty by Anonymous Coward · 2018-01-16 15:39 · Score: 0
  
  They should adopt the iOS attitude of actually slowing down the phones making older handset owners frustrated enough to buy a more up to date Android device. That approach works well.
5. Re:Sounds nasty by Anonymous Coward · 2018-01-16 21:49 · Score: 0
  
  unless you can't.
  I have a (out of service) phone where I couldn't install TWRP, a preliminary bootloader/flasher thing, because "FRP lock : ON"
  I have a very small hope of making it work by flashing the original software (but there are two versions)
  The other phone (cheap) has a non-Android OS, that's cool but there is not much to it as it's based on Firefox 28 (wow I can't believe it's 30 versions late!)
  Some Android 4.4 can be installed (needs Windows software). I shall do it ASAP before the links become error 404!
  It would be used strictly off-line perhaps for a single one application. namely openstreetmap, with an entire country.
  Hilariously both phones are very recent (2015)
6. Re:Sounds nasty by Anonymous Coward · 2018-01-16 22:07 · Score: 0
  
  I sometimes ran desktops heavily underclocked, due to cooling issue or not even needing the speed. And were not the latest, or were low end.
  On a phone I would like 1. no crapware, no spyware and 2. let me slow it down
  because often 99% of a computer use is reading text, writing text, playing music and watching video. We don't even need 1GHz for that!
7. Re:Sounds nasty by AmiMoJo · 2018-01-17 00:47 · Score: 1
  
  Actually no Android devices are vulnerable to this. You have to enable installing apps from your browser, download it, install it, and then agree to all the permissions it demands. It doesn't use an exploit to install itself, it uses social engineering with web pages made to look like legit ones offer app updates.
  The table of URLs is at the bottom of TFA.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
8. Re:Sounds nasty by Cute+Fuzzy+Bunny · 2018-01-17 04:38 · Score: 1
  
  Hmm, lets see. I bought a Nexus 6 three years ago for $189. It received updates until just recently. I just bought an Essential phone for $280. It'll get updates for at least a couple of years.
  How much are those iphones again?
9. Re: Sounds nasty by Anonymous Coward · 2018-01-17 09:29 · Score: 0
  
  I doubt you purchased a nexus 6 for $189 3 years ago. Considering the phone was damn near brand new.
  It's a 3 year old phone still selling for $~200
New features going untested by ArtemaOne · 2018-01-16 10:10 · Score: 1

Google's habit of having everything in beta for nearly, or completely, its lifespan leads to things like this. The new features are the ones majorly being exploited. Accessibility getting around security? That is a major screwup considering that Android phones don't get regular updates. Some lower cost phones will never receive a patch and will be compromised for the entire time it is owned.
1. Re:New features going untested by AvitarX · 2018-01-16 11:14 · Score: 1
  
  Accessibility pretty much must get around security.
  It needs to be able to read everything on the screen to function.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
2. Re:New features going untested by nasch · 2018-01-16 22:44 · Score: 1
  
  I don't think the accessibility features are all that new, are they?
CopperheadOS by Anonymous Coward · 2018-01-16 10:11 · Score: 0

Skygofree makes use of several Android exploits to do what it does. CopperheadOS is based on AOSP but the focus is on tweaking things for security and rebuilding everything with more conservative compiler settings (preferring security over speed).
To what extent are the latest builds of CopperheadOS vulnerable to Skygofree?
1. Re: CopperheadOS by c6gunner · 2018-01-16 12:23 · Score: 1
  
  CopperheadOS, as great as it is, is only available for a few devices. And given that it supports all the typical accessibility features I suspect it would still be vulnerable to this.
But, what about Meltdown? by GerryGilmore · 2018-01-16 10:15 · Score: 1

According to Conventional Wisdom(TM) Meltdown and Spectre are MUCH worse, leading to patchy BIOS updates, BSODs and varying levels of performance loss. Perhaps a dose of perspective, which this helps bring to the table, is in order - finally.
1. Re:But, what about Meltdown? by Anonymous Coward · 2018-01-17 05:21 · Score: 0
  
  But what about the Holocaust? Surely that must be worse. Yours has to be one of the lamest whataboutisms I've seen in a while. Bravo, sir.
Tell me why, again? by Rick+Schumann · 2018-01-16 10:20 · Score: 4, Funny

Tell me why, again, I should ever have a smartphone?

But Rick, you can't be one of the cool kids if you don't have one!
But Rick, you're a luddite if you don't have one!
But Rick, you're not interesting enough for anyone to spy on!
But Rick, you're obviously paranoid and wearing a tinfoil hat, you should just calm down and get one anyway!
..and all the other lame-ass crap people post when I say this.

If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!
1. Re:Tell me why, again? by jareth-0205 · 2018-01-16 10:58 · Score: 1
  
  If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!
  Better get that Intel-chipped laptop out then...
2. Re:Tell me why, again? by Anonymous Coward · 2018-01-16 12:03 · Score: 0
  
  Tell me why, again, I should ever have a smartphone?
  
  But Rick, you can't be one of the cool kids if you don't have one!
  But Rick, you're a luddite if you don't have one!
  But Rick, you're not interesting enough for anyone to spy on!
  But Rick, you're obviously paranoid and wearing a tinfoil hat, you should just calm down and get one anyway!
  But Rick, a dumb phone can still spy on you.
  But Rick, everyone else's smart phone can still spy on you.
  But Rick, you don't have "privacy" and you never did.
3. Re:Tell me why, again? by Anonymous Coward · 2018-01-16 12:18 · Score: 0
  
  I swear when I read your post that I was thinking, "hmm. is this some new Rick and Morty meme that I'm not aware of? It seems kinda lame. Then again, to be fair, you have to have a very high IQ to understand Rick and Morty." Then I looked at your username.
4. Re: Tell me why, again? by c6gunner · 2018-01-16 12:26 · Score: 1
  
  Maybe just don't install random crapware?
  When I was working support, I didn't blame laptops when users repeatedly installed bonzy buddy on them. I blamed the idiots who kept doing it over and over, and then kept bringing me the laptop whining about how slow it was.
  I suppose you would have just taken away their laptops and told them to go back to using pencils and paper.
5. Re:Tell me why, again? by tepples · 2018-01-16 12:29 · Score: 1
  
  Tell me why, again, I should ever have a smartphone?
  Because netbooks made for* GNU/Linux are no longer sold in major U.S. electronics showroom chains. What's less bad between a smartphone (or Android tablet) and a Windows 10 tablet or laptop?
  * "Made for" means shipping with or otherwise warranted to run.
6. Re:Tell me why, again? by Anonymous Coward · 2018-01-16 12:55 · Score: 0
  
  You're a fag, KYS.
7. Re: Tell me why, again? by Rick+Schumann · 2018-01-16 12:57 · Score: 1
  
  Read the article. Has nothing to do with installing anything. Your Android phone can be infected with this malware without you doing anything and you'll never even know.
8. Re:Tell me why, again? by Anonymous Coward · 2018-01-16 13:40 · Score: 0
  
  How does getting rid of my smartphone disable the NSA backbone tap? How does getting rid of my smartphone hide my earnings from the IRS? How does getting rid of my smartphone hide the EquiFax data used to steal my identity? How does getting rid of my smartphone prevent the power company from broadcasting my power usage over the air unencrypted?
  Oh I see. Getting rid of my smartphone does none of these things. Tell me again how to preserve my privacy? Because I'm confused, I thought it was a lack of respect for the law that was doing it! How silly of me.
9. Re: Tell me why, again? by c6gunner · 2018-01-16 13:43 · Score: 1
  
  Read the article. Has nothing to do with installing anything. Your Android phone can be infected with this malware without you doing anything and you'll never even know.
  Bullshit. Neither of the linked articles state anything to that effect. As a matter of fact, both of them state that the malware is primarily spread via "web landing pages" which mimick various carriers websites, and the original Kaspersky article gives example. All of their examples are links to APK files.
  So, essentially, what needs to happen is:
  1. User is somehow directed to a webpage which looks like a cellphone carriers website.
  2. Webpage asks the user to download an APK file.
  3. User downloads the file and then manually runs it.
  4. In most cases android pops up a warning saying that unknown sources are disabled by default, and refuses to install the APK.
  5. User manually tells android that external sources are OK.
  6. User runs the APK a second time and installs it.
  There are multiple steps in that process where an even remotely competent user should realise that something is wrong. I'm not sure how much more hand-holding you want your phone to do for you.
  Alternately, this malware could be bundled with a legitimate piece of software and somehow snuck on to the google play store, in which case android would not give you any warning about untrusted sources ... but you're still knowingly installing some piece of crap which you almost certainly don't need.
10. Re:Tell me why, again? by SlaveToTheGrind · 2018-01-16 14:40 · Score: 1
  
  If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!
  Whew -- good thing I just replaced it with a mobile multifunction, n'est ce pas?
11. Re:Tell me why, again? by HiThere · 2018-01-16 14:48 · Score: 1
  
  Actually, the further you go into the past, the more privacy you had. This was largely due to economics, of course. But in 1960 only draft age males had to carry an ID card, and nobody carried a phone. You could open a bank account with no proof of identity, etc.
  Before WWII nobody had to carry an ID card. Before 1910 almost nobody carried *any* government issued ID. Etc.
  (I may have gotten a couple of the dates a bit wrong, but it's about right. I'm not certain, e.g., that soldiers didn't carry official IDs during the Civil War: 1865.)
  It was about the time of the Civil War that Hollerith invented his card (now the IBM card) to store data for the census. Go back before than and all government record keeping was via hand written entries. Family Bibles were considered as authoritative and official records...though that might be slightly earlier.
  And, as I said, the reasons were all basically economic. But you need to figure in utility as well. The manpower required to retrieve records as quickly as a modern system would have been impossibly exorbitant. And it would also require an additional army of clerks to record the data in multiple copies and to verify that it had been recorded properly, etc. Totally impossible, but it can be condensed into an economic impossibility. It would have required more than the entire population of the country to manage the record keeping for the country. The problem probably scales O(2^n) when you have people doing the record keeping rather than machines. (I.e., it works fine for a small village.)
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
12. Re:Tell me why, again? by antdude · 2018-01-16 15:00 · Score: 1
  
  Just get rid of everything like Internet, computers, etc. Go off the grid! :P
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
13. Re:Tell me why, again? by Anonymous Coward · 2018-01-16 15:07 · Score: 0
  
  Some African tribes believed that if someone knows your real name, that person has supernatural powers over you. Others believe that if you take a photograph of them, you take a piece of their soul. Voodoo priests believe that taking a sample of hair or nail clippings is needed for a curse. Funny how a name and photograph and DNA samples are the most fundamental pieces of biometric data.
14. Re:Tell me why, again? by n329619 · 2018-01-16 16:12 · Score: 1
  
  Tell me why, again, I should ever have a dumbphone?
  ..and to all the other tech nerds post when I say this.
  If you want what's left of your privacy, and actual data security preserved, Get rid of your dumbphone and GET A PIGEON!
  Pigeon not only looks cool but can also delivery your message securely and safely without all those phone / network connectivity nonsense. In addition, each pigeon comes with its own bird-droppings delivery feature which is prefect for targeting those on your most hated list, like your neighbor! So why keep your dumbphone that you'll need recharging every other week? Get A PIGEON TODAY!
  Disclaimer: Pigeon message delivery training and pigeon food are not included. Pigeon may automatically activate bird-droppings delivery feature without prior notice. Pigeon not fed might poke your brain out, users are advised to feed pigeon daily for safety measure.
15. Re:Tell me why, again? by Anonymous Coward · 2018-01-16 21:25 · Score: 0
  
  Tell me why, again, I should ever have a smartphone?
  
  But Rick, you can't be one of the cool kids if you don't have one!
  But Rick, you're a luddite if you don't have one!
  But Rick, you're not interesting enough for anyone to spy on!
  But Rick, you're obviously paranoid and wearing a tinfoil hat, you should just calm down and get one anyway!
  ..and all the other lame-ass crap people post when I say this.
  
  Yep, I also used to think that having a smartphone was pointless.
  Then I got one, installed a console, text editor and compiler and now I can code while on the crapper.
  The input is impractical, but that only means that I think more and type less.
  
  If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!
  What does smartphones have to do with anything? They have been able to listen in on your cellphone way before smartphones were a thing.
  The only difference is how much data you put into it and if you wave the camera around or not, but to be fair my camera mostly shows either pocket lint or the table surface.
  If you have a cellphone at all you might as well go for a smartphone. Just don't put more personal info into it than you would with your previous phone.
  Also, you can probably use the web browser without thinking too much. It's not like they don't already know your surfing habits from your network traffic your stationary computer has. They don't even need to hack the computer, they just ask the ISP about traffic logs.
  And VPN or TOR won't really hide you that much. By inserting latency here or dropping a packet every now and then you can get a pretty good idea of how data is routed in the network.
  They don't even need to be absolutely certain that it was your packets. Unless you do something criminal and they want to put you to trial they only need to get a good hunch, and if you do something criminal they can't use the data and need to do parallel construction anyway.
16. Re:Tell me why, again? by nasch · 2018-01-16 22:48 · Score: 1
  
  What's less bad between a smartphone (or Android tablet) and a Windows 10 tablet or laptop?
  I think his suggestion is to not use a smartphone or tablet. Seems like throwing out the baby to me, but to each his own.
17. Re:Tell me why, again? by jouassou · 2018-01-17 02:38 · Score: 1
  
  In case you do need one at some point: CopperheadOS. Unfortunately, it only supports Nexus phones at the moment, but they provide a Google-free security-hardened android distribution with regular updates and no proprietary components. I'm not saying it's bullet-proof, but getting rid of the telemetry Google has built into Google Play Services and providing regular security updates is orders of magnitude better than the competition.
18. Re:Tell me why, again? by Cute+Fuzzy+Bunny · 2018-01-17 04:44 · Score: 1
  
  Quite some time ago, I applied for a lower cost, higher end insurance package that my agent said would be good for me, but would require a huge background check. I've held a top secret and nuclear Q clearance, and this investigation felt about the same.
  Bearing in mind that this is pre-internet, at one point they asked me about any relationship I might have had with the ex husband of an ex girlfriend I hadn't even seen in years. Turns out he'd been involved in some insurance fraud. About all I could think that we'd ever shared that could connect us was a Blockbuster video card. Yet somehow they'd established those linked relationships.
  Today your credit report, what you buy on your credit cards, what you buy with a store rewards card are all collected and collated. Your picture or video of you is taken dozens of times per day.
  I don't think getting rid of a smartphone would do much for you, and any ideas of privacy or keeping your information a secret went out the window a LONG time ago.
19. Re:Tell me why, again? by Anonymous Coward · 2018-01-17 05:28 · Score: 0
  
  Tell me why, again, I should ever have a smartphone?
  Be honest, Rick. Does anyone really care whether or not you have a smartphone?
20. Re: Tell me why, again? by Rick+Schumann · 2018-01-17 05:33 · Score: 1
  
  >implying most people are 'remotely competent'.
  They're not. I am orders of magnitude more 'competent' than the average smartphone user. Therefore I refuse to own one. I'm on the verge of dumping wireless entirely in fact, really don't use it enough to justify it.
21. Re:Tell me why, again? by Rick+Schumann · 2018-01-17 05:34 · Score: 1
  
  If you care about your privacy and security then maybe you should think twice about using "always on" wireless devices like these.
22. Re:Tell me why, again? by Rick+Schumann · 2018-01-17 05:41 · Score: 1
  
  Oh okay guess there's nothing I can do about anything so why even try, I'll just get every always-on device on the planet like most of you seem to do, put cameras everywhere too (for my SAFETY of course!), get a Facebook and Twitter account again, share EVERY SINGLE ASPECT of my daily life with the whole world, and be like a frog on a dissection tray, splayed open for every government agency and corporation that wants to know any little fucking thing about me, including what kind of porn I like, how and when I masturbate, and what my last bowel movement was like. FOR MY PROTECTION, OF COURSE; since all the above only EVER have my best interests at heart!
  
  Or I can continue to not be an abject yellow-bellied coward that knuckles under to violations of my human rights like most people and FIGHT BACK any way I can.
23. Re:Tell me why, again? by tepples · 2018-01-17 05:59 · Score: 1
  
  Yep, I also used to think that having a smartphone was pointless.
  Then I got one, installed a console, text editor and compiler and now I can code while on the crapper.
  What's the advantage of buying a smartphone and using that on the crapper over buying a laptop made for GNU/Linux and using that on the crapper?
24. Re: Tell me why, again? by c6gunner · 2018-01-17 06:06 · Score: 1
  
  I'm on the verge of dumping wireless entirely in fact
  Good plan, Rick. Just stick to that paper and pencil.
25. Re: Tell me why, again? by Anonymous Coward · 2018-01-17 09:34 · Score: 0
  
  Apparently,'rick does.
Read the name as "SkyGoatse". by Anonymous Coward · 2018-01-16 10:22 · Score: 1

And the holes it opens are bigger.
This reads more like an advertisement. by Fly+Swatter · 2018-01-16 10:26 · Score: 2

And less like a warning for a product that you can apparently find by looking towards an Italian Security company.
-Remember that internet thing? It didn't end well.
I like old stuff by AndyKron · 2018-01-16 10:40 · Score: 1

I'm never giving up the dial phone hanging on my wall.
1. Re:I like old stuff by HumanWiki · 2018-01-16 10:48 · Score: 1
  
  Make sure you ignore that resistor I placed across your tip/ring.
  Or that man down the way a little bit using a buttset. I'm sure he's not making LD calls.
2. Re:I like old stuff by freeze128 · 2018-01-16 11:42 · Score: 1
  
  Never gonna give, never gonna give, (Give you up!)
not so safe. by tuppe666 · 2018-01-16 10:55 · Score: 1

I will stick to a safe and professionally coded software like iOS, which is real Unix.
Many people are grateful of those many naked celebrity photos from Apple. After apple crippling users phones I am astonished anyone would buy from them. They continue to be ethically bankrupt.
1. Re:not so safe. by mark-t · 2018-01-16 11:45 · Score: 2
  
  While I was less than thrilled about Apple's lack of transparency over slowing down the older phones, I thought that all things considered, their efforts were still lengthening the useful life of the devices impacted. Working slower is better than not working, period.
  
  --
  File under 'M' for 'Manic ranting'
2. Re:not so safe. by Anonymous Coward · 2018-01-16 11:49 · Score: 1
  
  are you moron? leaked photos afaik were retrieved with stolen or easily-guessed password via iCloud not directly from iOS. or from phone repairing shop. educate yourself before commenting such
3. Re: not so safe. by Anonymous Coward · 2018-01-16 12:22 · Score: 0
  
  So you'd rather get a slower device that will completely die unexpectedly (done people would assign blame to other factors like app boat) instead of one that dies under heavy load but can be restarted (as the battery isn't that far gone yet, since it's effects aren't being hidden)... Everyone else, if they suspect a failing battery, can simply turn on the power saving mode and configure it to what they feel is important?
4. Re: not so safe. by mark-t · 2018-01-16 12:31 · Score: 1
  
  "die unexpectedly"??? Citation, please. Undesired app slowdown sure... but where did you read that it caused the devices to become bricks?
  
  --
  File under 'M' for 'Manic ranting'
5. Re: not so safe. by tepples · 2018-01-16 12:33 · Score: 1
  
  So you'd rather get a slower device that will completely die unexpectedly (done people would assign blame to other factors like app boat) instead of one that dies under heavy load but can be restarted (as the battery isn't that far gone yet, since it's effects aren't being hidden)
  Yes. The former (automatic power save once battery weakens) allows me to dial emergency services or hail a ride until such time as I can schedule a battery replacement. The latter does not.
6. Re: not so safe. by nasch · 2018-01-16 22:43 · Score: 1
  
  "Die" meaning "turn off" not "become a brick".
7. Re: not so safe. by mark-t · 2018-01-17 02:46 · Score: 1
  
  No, I meant where did you read that their slowdown would cause the device to turn off unexpectedly?
  
  --
  File under 'M' for 'Manic ranting'
8. Re: not so safe. by nasch · 2018-01-17 04:06 · Score: 1
  
  It's been all over coverage of the issue. That is the explanation Apple gave for why they did this. Without the patch, if the system requested more voltage than the battery could deliver, it would just shut off. By throttling the processor, the peak voltage demand is decreased and the device can keep running.
9. Re: not so safe. by mark-t · 2018-01-17 06:31 · Score: 1
  
  That was what I saying from the beginning:
  
  While I was less than thrilled about Apple's lack of transparency over slowing down the older phones, I thought that all things considered, their efforts were still lengthening the useful life of the devices impacted. Working slower is better than not working, period.
  Slowing down the device enabled it to keep working... yet, the AC to whom I responded above stated:
  
  So you'd rather get a slower device that will completely die unexpectedly (done people would assign blame to other factors like app boat) instead of one that dies under heavy load but can be restarted...
  Which is what prompted my query for a citation, because as far as I was aware, Apple's patch did exactly the opposite. I was even clear on the point that I was asking about info on the claim about dying unexpectedly, so I'm not sure where you got the idea that I was ever saying that the patch caused it to die.
  
  --
  File under 'M' for 'Manic ranting'
10. Re: not so safe. by nasch · 2018-01-17 08:13 · Score: 1
  
  Oh I see... I'm not sure what he meant by that. Sounds like he misunderstood something. Sorry to add to the confusion.
It is an implant software by 140Mandak262Jamuna · 2018-01-16 11:07 · Score: 1

Skygofree is a reminder that so-called implant software sold to governments and police forces, sometimes in countries with poor human rights records, remains a threat to people using a wide variety of devices and operating systems.
It looks like it is a product sold to security agencies and police forces around the world. They might force the installation of this software by the sellers in their countries, or install it once they arrest the dissident. It is a spyware alright, but it might not be a garden variety virus that infects you unbeknownst to you.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re: It is an implant software by Anonymous Coward · 2018-01-16 12:16 · Score: 0
  
  "automatically record conversations and noise when an infected device enters a location specified by the person operating the malware"
  Not useful to hackers at all, this shit is state sponsored.
I guess now that Kaspersky is deemed "evil" ... by Anonymous Coward · 2018-01-16 11:22 · Score: 1

... they have no reason to adhere to NDAs by the various terror... err, I mean spying... err, I mean not stupidity but "intelligence" organizations, and can finally leak all the nasty shit.
I hope.
At least you sometimes get added features. by Anonymous Coward · 2018-01-16 11:26 · Score: 0

Instead of just "morer simplurer, durr", as is customary with "the other one".
I agree though... anything that doesn't support me installing an open-source OS, thanks to driver availability, is defective by design.
But hey, gotta make a profit! Not actually earn anything. Let alone work for the money! Nah, work as little as possible, and all the rest of the income is basically ... stolen.
Kaspersky by Anonymous Coward · 2018-01-16 12:01 · Score: 1

Tell me again why I shouldn't get the antivirus that catches the real bad guys?
1. Re:Kaspersky by Anonymous Coward · 2018-01-16 12:43 · Score: 1
  
  If you ignore the silliness about the alleged Kremlin entanglement and just evaluate the product on its merits, Kaspersky is pretty good. I didn't notice much impact on system resources save memory, but I've got plenty so it wasn't a problem. Browsing was slightly slowed be, not too bad. Actually my biggest beef with the product is that it's very, very chatty with Kaspersky servers. Even when you go through the configuration (which is extensive on advanced mode) and try to turn off all the options and features that could conceivably require network access, it still manages to phone home regularly to Kaspersky's global network of servers. About the only time I like a product like that to access the network is to autoget new signatures and notifications that there is a new update for the software and that's it. Unfortunately, I couldn't get Kaspersky to shutup, so I had to remove it. YMMV.
2. Re:Kaspersky by AHuxley · 2018-01-16 13:50 · Score: 1
  
  Help find the next Skygofree, Stuxnet, Equation Group.
  https://en.wikipedia.org/wiki/...
  Wonder what many other nations top AV brands do all day?
  
  --
  Domestic spying is now "Benign Information Gathering"
Does nobody remember Back Orifice? by Anonymous Coward · 2018-01-16 12:38 · Score: 0

We had this back in 1999 and probably even before.
I used it and its successors for administration, before remote desktop solutions became commonplace.
Yes, you could do really shitty things with it. But as an admin, and it being my very first job ever, I wanted anything, but to come across as creepy. So I told everyone about it, and installed it in a way that they could be asked if they consented, before me doing anything but ask that. (Usually I had them on the phone anyway.) The only fun thing I did with it, was, during such a support session, offering the user a coffee cup holder *CD drive tray slides out*.
Misconception by fluffernutter · 2018-01-16 12:46 · Score: 1

I came to this article thinking they were talking about Google Home!

--
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
So is... by Anonymous Coward · 2018-01-16 18:12 · Score: 0

"Italy-based IT company that markets various surveillance wares" a euphemism for Hacking Team?
Advertisement for Windows and Skype by Anonymous Coward · 2018-01-16 20:37 · Score: 0

It is an advertisement for some amazing features, since it is claimed to be able to run Windows and Skype on Android.
1. Re:Advertisement for Windows and Skype by Anonymous Coward · 2018-01-17 05:44 · Score: 0
  
  It is an advertisement for some amazing features, since it is claimed to be able to run Windows and Skype on Android.
  Reading comprehension doesn't always come naturally, I know.
Offensive by nasch · 2018-01-16 22:49 · Score: 1

"Offensive security product"? Is that like "spending cuts in the tax code"?
Anti-Malware? by Anonymous Coward · 2018-01-16 23:23 · Score: 0

What are some good, legitimate and effective anti-malware scanners, one can install on Android phones and tablets? Don't know much about them, but SO has a couple devices.
How deep can a scan go anyway? Doesn't all scanning occur in simple user space?
Appreciate any feedback!
Does it require human intervention to install? by Rexdude · 2018-01-17 20:54 · Score: 1

That's the only relevant question here. Until drive-by downloads are a thing on Android, the only victims will be the common sense impaired.
- Stick to Play Store if you don't know what you're doing, and check the developer name, reviews and number of downloads of whatever app you plan to download for any red flags. Better still, stick to well known, popular apps.
- Keep the 'install apps from unknown sources' setting at its default state of unchecked if you're not smart enough to differentiate between malicious and benign 3rd party APKs.
- You don't need any sort of antivirus app on Android. This isn't Windows XP circa early 2000s where using IE6 would get you infected with silently installing malware.

--
"..One hosts to look them up, one DNS to find them, and in the darkness BIND them."