They're Spying On You: Hacking Team Mobile Malware, Infrastructure Uncovered

timothy posted about 3 months ago | from the leviathan-has-a-posse dept.

Government 48

msm1267 (2804139) writes Controversial spyware commercially developed by Italy's Hacking Team and sold to governments and law enforcement for the purpose of surveillance has a global command and control infrastructure. For the first time, security experts have insight into how its mobile malware components work. Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Munk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting Hacking Team's Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. Adds reader Trailrunner7: [T]he report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. The new modules enable governments and law enforcement officers with extensive monitoring capabilities over victims, including the ability to report on their location, steal data from their device, use the device's microphone in real time, intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more.

48 comments

But... (1)

Anonymous Coward | about 3 months ago | (#47306203)

...it's to keep us FREE! They said so.

Someday we will be required to have cellphones (4, Funny)

Squidlips (1206004) | about 3 months ago | (#47306243)

For our own protection of course. And that someday is coming soon. How much longer can Richard Stallman and I hold out on owning one of these dream (Stalin's) -machines?

Re:Someday we will be required to have cellphones (1)

Anonymous Coward | about 3 months ago | (#47306291)

Stallinman is communist anyway.

Re:Someday we will be required to have cellphones (0)

Anonymous Coward | about 3 months ago | (#47306329)

Yes, I'm an Anonymous Coward because they're watching. One wonders just how complicit Big Tech is in all of this. Do they provide back doors?

Re:Someday we will be required to have cellphones (1)

tlhIngan (30335) | about 3 months ago | (#47306635)

For our own protection of course. And that someday is coming soon. How much longer can Richard Stallman and I hold out on owning one of these dream (Stalin's) -machines?

Is it any surprise they're in Italy? Where the per-capita cellphone ratio is over 2? Yes, they really like their cellphones, and most people have two, or three. Work phone, play (domestic life) phone, and a third just because ("mistress" phone).

Heck, the worldwide number of cellphones has recently exceeded the population of the world.

And even though you have a cellphone, you can always turn them off or not have it with you. (I generally leave my cellphone at my desk, even if I wander off. Yes, I can be unreachable). It's like having a facebook account - just because you have one doesn't mean you have to post your entire life onto it - my facebook page just has a photo. I've never posted a single thing, nor do I intend to.

Re:Someday we will be required to have cellphones (0)

Anonymous Coward | about 3 months ago | (#47306953)

Doesn't mean there is no data on you.

Maybe you are logged in to your facebook account, which means that every site you visit that loads the "like" button will be sent to facebook. They can analyze patterns there. Or just the people you have added in your facebook. That is some great information.

Facebook, just as google, goes pretty deep.

Re:Someday we will be required to have cellphones (1)

Gr8Apes (679165) | about 3 months ago | (#47309363)

which is why blacklisting both google and facebook locally is a good practice, just like washing your hands.

Re:Someday we will be required to have cellphones (0)

Anonymous Coward | about 3 months ago | (#47310127)

which means that every site you visit that loads the "like" button will be sent to facebook

Firefox + NoScript

Re:Someday we will be required to have cellphones (0)

Anonymous Coward | about 3 months ago | (#47311745)

Facebook has an image hosted on their servers for the like button. When you look at that image, Zuckerberg looks back at you. This is one of the few cases where APK's solution is actually good.

Re:Someday we will be required to have cellphones (0)

Anonymous Coward | about 3 months ago | (#47306641)

Add British movie director Christopher Nolan to your list. He claims that he doesn't own a cellphone either. Now there's three of you.

Re:Someday we will be required to have cellphones (1)

Gr8Apes (679165) | about 3 months ago | (#47309377)

Own a cellphone, leave it in random locations, share it with friends, make things really confusing.

Re:Someday we will be required to have cellphones (1)

antdude (79039) | about 3 months ago | (#47310471)

I hope not. I still don't own a mobile phone like Richard Stallman. If it is enforced, will we get a cellphone for free? Was landline phone service ever required for Americans from the laws?

Yawn (0)

Anonymous Coward | about 3 months ago | (#47306251)

OMG, are they spying on us? Who would have thought!

They mention "uninstall" and "wipe" but not how to (1)

Lexible (1038928) | about 3 months ago | (#47306257)

So: how to prompt such malware to uninstall itself on one's devices?

Re:They mention "uninstall" and "wipe" but not how (2)

JaredOfEuropa (526365) | about 3 months ago | (#47306317)

Better to not install it in the first place. The article mentions targeted attacks: "Once the sample is ready, the attacker delivers it to the mobile device of the victim. Some of the known infection vectors include spearphishing via social engineering – often coupled with exploits, including zero-days; and local infections via USB cables while synchronizing mobile devices". Sounds like stuff you can avoid with some care. They also mention that the trojan will not work on un-jailbroken iOS devices.

iOS malware only works on jailbroken devices!! (3, Informative)

Noah Haders (3621429) | about 3 months ago | (#47306549)

iOS malware only works on jailbroken devices!! FTFA:

Taking a deeper dive into the malware, Kaspersky and Citizen Lab learned that the iOS version of the RCS Trojans hits only jailbroken devices. Pristine iPhones are also vulnerable if an attacker can remotely run a jailbreaking tool such as Evasi0n and then load the malware implant.

So I know there will be a lot of shouts here of 'see! iOS is vulnerable just like Android!' This only works for people who have chosen to expose themselves to malware. Also raises a lot of questions about who are the secret teams behind these jailbreaking kits. Especially with the new news of the new jailbreaking kit out of China [cnet.com].

don't jailbreak, don't get pwned.

Re:iOS malware only works on jailbroken devices!! (2)

Lexible (1038928) | about 3 months ago | (#47307425)

And you also answer the question by way of spreading FUD about taking control of one's own general purpose computer like a complete jackass.

My question was: given that the researchers identified ways to uninstall/trigger wipes of the malware from one's phone, how does one go about doing so? "Don't jailbreak an iphone." is not an adequate answer to that question.

Re:iOS malware only works on jailbroken devices!! (1)

Noah Haders (3621429) | about 3 months ago | (#47308907)

Actually the FUD is in the summary, where it says that Android and iOS phones are vulnerable. It's more accurate to say Androids and jailbroken iPhones. If you haven't jailbroken your iPhone, then according to this research it is not vulnerable. This is just anti-Apple FUD to tear them down.

In terms of avoiding malware, the suggestion "don't jailbreak your iPhone" is actually an excellent suggestion. Kinda like a strategy to avoid STDs: "don't sleep with whores". For all that Slashdot raves about the safety of open source code etc., you think there would be more caution about running unknown code from unknown developers whose purpose is to override your phone's security settings.

Nope:iOS malware only works on jailbroken devices (1)

Lexible (1038928) | about 3 months ago | (#47309193)

I notice that you are still not answering the question How to wipe an infected device. Is basic reading comprehension too challenging for you?

Re:Nope:iOS malware only works on jailbroken devic (1)

Noah Haders (3621429) | about 3 months ago | (#47311735)

Short answer, you can never know that the phone has been sanitized. First, you'll never even know if you've been infected. Then, even if you go back to a full phone wipe, who knows what was planted in the BIOS or something. Basically, you have to throw out the phone, because it's been pwned 4evar.

Re:iOS malware only works on jailbroken devices!! (1)

AHuxley (892839) | about 3 months ago | (#47311423)

Re "don't jailbreak, don't get pwned." would be great if the jailbreak aspect was complex and had a few GUI steps that a user would see or have to be fooled into doing.
Another computer or person can "jailbreak" a device of interest in a way that the person being watched would not be aware of.
I.e. you get the user's password and it's a background-like task that is never noticed. I.e. infect the computer, then you get details on the connected devices, then you can jailbreak. No user interaction needed :)

Re:They mention "uninstall" and "wipe" but not how (1)

Lexible (1038928) | about 3 months ago | (#47306857)

Way to not answer the question by way of spreading FUD about taking control of one's own general purpose computer, jackass. My question was: given that the researchers identified ways to uninstall/trigger wipes of the malware from one's phone, how does one go about doing so? "Don't jailbreak an iphone." is not an adequate answer to that question.

Re:They mention "uninstall" and "wipe" but not how (1)

AHuxley (892839) | about 3 months ago | (#47311497)

What are the options for an uninstall/trigger wipe?
Could a unique telco call carry the needed 'off' layer without "ringing"/the user being notified?
Could wifi be turned on and a site visit in range send the "off" instruction from a street, shop, cafe?
Could a net connection be used to send the "off" instruction?
Could malware in a user's computer be waiting to issue that command next time connected?
Consumer devices have many options to connect :)

When you go to the bathroom (0)

Anonymous Coward | about 3 months ago | (#47306265)

Take your phone...at least they will listen to the song of your people.

That's it (4, Funny)

symes (835608) | about 3 months ago | (#47306267)

I'm dusting off my old Motorola 8000 DynaTAC.

Victims? (1)

jythie (914043) | about 3 months ago | (#47306313)

Interesting choice of words there. 'Victims' and 'suspects' carry pretty different implications with them.

Re:Victims? (1)

disposable60 (735022) | about 3 months ago | (#47306395)

Perspective - one side's Freedom Fighter is another's Terrorist. cf: LEO::Jack-booted Thug

Re:Victims? (1)

Rob the Bold (788862) | about 3 months ago | (#47306631)

Interesting choice of words there. 'Victims' and 'suspects' carry pretty different implications with them.

It makes sense the way it's used. If someone is a "suspect" according to their government, that is someone suspected of a crime, then that government probably has straight-up legal means of eavesdropping on them. OTOH, someone who is being spied on via a surreptitiously installed piece of malware might be more properly called a "victim," since the implication is that the spying is being done in an extrajudicial manner by governments or other parties.

Of course, one could be both victim and suspect. Or be spied on by more than one party.

And of course, laws and regulations vary by country, which I add since surely some Slashdotter will feel compelled to point this out anyway. And that Slashdotter may not be named "Shirley".

If You Want to Be Safe & Secure Go With Micros (1, Funny)

Anonymous Coward | about 3 months ago | (#47306347)

Because Windows Phone is THE ONLY secure smart phone you can buy!

Theft of services (0)

Anonymous Coward | about 3 months ago | (#47306363)

We need to be provided free unlimited internet access if these idiots are going to steal all of our paid-for bandwidth. If I plug into someone's electricity, I can be prosecuted for theft of services, same with their land lines, garbage removal, cable TV, etc... How is this different?

Re:Theft of services (1)

Squidlips (1206004) | about 3 months ago | (#47306431)

Nope. Sorry. You have to PAY for the privilege of being spied on. It is the American way.

Re:Theft of services (0)

Anonymous Coward | about 3 months ago | (#47310329)

American way
Italy's Hacking Team
has a global command and control
326 servers outed in more than 40 countries
Munk School of Global Affairs at the University of Toronto
during an event in London

Re:Theft of services (2)

Bob the Super Hamste (1152367) | about 3 months ago | (#47306463)

It is the government, that is why! Now shut up and provide the agents the necessary resources to violate your rights.

The biggest problem I see in pursuing such charges is finding out who put it there. After that you would need to find a court that will rule in your favor and not be swayed by "we need to stop those communist fascist terrorist kiddy diddlers" arguments.

Will upgrading iOS remove this? (1)

oddbox (756040) | about 3 months ago | (#47306365)

How do you think an upgrade / restore will deal with this? The article says that non-jailbroken devices are safe, unless a connected computer jailbreaks it first. Don't Apple have means to discover if a device has been jailbroken, and thus remove all such malware during a proper upgrade or restore? What do you guys think? And, what about how to discover such a hack, now that they are known?

Re:Will upgrading iOS remove this? (1)

DocSavage64109 (799754) | about 3 months ago | (#47307337)

The one time I jailbroke my phone, I couldn't update it to the newest iOS. This attack seems rather easy to notice if your phone suddenly refuses to allow any updates.

Re:Will upgrading iOS remove this? (1)

grub (11606) | about 3 months ago | (#47308435)

Some apps have jailbreak detection and will not run, or issue a warning, on jailbroken iOS devices. An app called "Divide" used for keeping work data via MS Exchange (mail, contacts, calendar, etc.) separate from your normal stuff is one.

I call Alarmism (4, Interesting)

wannabgeek (323414) | about 3 months ago | (#47306373)

I did RTFA and found this gem: "the iOS version of the RCS Trojans hits only jailbroken devices". Also
“Once the sample is ready, the attacker delivers it to the mobile device of the victim. Some of the known infection vectors include spearphishing via social engineering – often coupled with exploits, including zero-days; and local infections via USB cables while synchronizing mobile devices,”

So, ya, while this is bad, it is not in the same league as what NSA's surveillance of everyone and everything is.

info@hackingteam.com (0)

Anonymous Coward | about 3 months ago | (#47306377)

Via della Moscova 13 20121 - Milano - Italy - Ph. +39 02 29060603 Fax +39 02 63118946

Pigs at the trough (3, Insightful)

Squidlips (1206004) | about 3 months ago | (#47306455)

So with so many bad actors all stealing our cellphone data, how do they avoid stepping on each other's toes? It must get crowded on our cellphones with all the malware competing for our data. Oink, oink

Re:Pigs at the trough (1)

Errol backfiring (1280012) | about 3 months ago | (#47306541)

They don't. They operate at different levels, so they may be listening to an extra "backup" data flow. I rather think they use each other. It is too convenient for "intelligence" agencies not to tap into the already existing camera and audio feed from another spy.

Re:Pigs at the trough (1)

AHuxley (892839) | about 3 months ago | (#47310507)

Some get given a free mirror of your nation's backhaul (NSA, GCHQ).
Some get given a free mirror of your city's telco towers (federal law enforcement, your mil).
Some have to use devices at the street level that become a fake cell tower to track people.
At every level of international, national or local clandestine surveillance you have groups, individuals and multinationals with products and services to sell, rent or service.
Your average telco is also bound by international conventions to use standard junk encryption and surveillance-friendly telco equipment.
The cash flows from every level of law enforcement and the mil for new products and services to track dissidents, protesters as they are found or long term.
The fact that dissidents, protesters are so open to interviews, blog, web 2.0 makes any digital device, service they use a way in.

I am no longer responsible for what goes across (0)

Anonymous Coward | about 3 months ago | (#47306767)

With this many bad actors having access to our devices, how can any court or capable attorney allow any defendant to be prosecuted for what is on their phone or other device? I would think reasonable doubt would exist when it can be shown that multiple outside people/companies have full access to remove and place files on our phones.

Re:I am no longer responsible for what goes across (1)

AHuxley (892839) | about 3 months ago | (#47310599)

As the news from the US shows with "parallel construction" all the digital aspects are cleaned up before any defendant and their legal team get a look at a case presented by the gov.
Local law enforcement know federal/mil/contractor/private sector help with "parallel construction" is totally wrong. The local law enforcement put on a good show to hide the origins of cases or try to seal early case work and present more legally sound evidence.
Thankfully whistleblowers, good legal teams, law reform groups, politicians and the press are now more aware of the role federal/mil/contractor/private sector play in the court cases.
The other method is the idea of a sealed court where a gov expert just presents the logs/digital aspect without public comment or any legal challenge.

Leave Britney Alone! (1)

ozzy85 (1427363) | about 3 months ago | (#47307335)

What more do you want to know about her, myself, and my lolcat?

Broken Link in Article (1)

NerdyLove (1133693) | about 3 months ago | (#47308145)

Re:Broken Link in Article (1)

NerdyLove (1133693) | about 3 months ago | (#47308165)

Eh, it's working now with /106827. Must have been slashdotted. Sorry!

Jailbroken claim rat-trap? (0)

Anonymous Coward | about 3 months ago | (#47312377)

I'm not saying people should jailbreak their phones to *avoid* this. Clearly jailbroken phones are less secure in some ways than those that are not, but to me this is the equivalent of Microsoft saying "don't crack our software, you'll be safer", when they're long, long since known to be government bend-overs.

Keep Your Messages Private -- With IONU (1)

rowyn_vanm (3700041) | about 3 months ago | (#47325005)

By downloading IONU's app, or installing it on your computer, you don't have to worry about who will see your messages. IONU offers an encrypted messaging service so you can ensure that your message doesn't end up in someone else's hands. Learn more about IONU and download it here: https://ionu.com/download [ionu.com]