Android Security

Hacking Team's RCS Android May Be the Most Sophisticated Android Malware Ever Exposed

An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages. Hacking Team says it sold its surveillance and intrusion software strictly within the law.
  • Whose law? (Score:4, Interesting)

    by Noah Haders ( 3621429 ) on Wednesday July 22, 2015 @10:51AM (#50160937)

    Sold malware within the limits of the law? Whose law? Not my law. By my law a man looks another man in the eye before stabbing him in the heart, and doesn't sneak up on him to stab him in the back.

    • Sold malware within the limits of the law? Whose law?

      Brannigan's Law [wikia.com].

    • Every time I read the word "law" now, I replace it with "injustice".

    • Something being within the law doesn't make something right or just.

      It only makes it legal.

      • Spot on.
        Note to government: you may be my accountant, my arbiter, my bodyguard and my insurance agent, but you are not my dad. Stop acting like it.
    • The law of the country in which the company was based. Your personal law means diddly squat. By my law men named Noah are cast to the wolves as food. Noah, what a dumb name.
      • Re:Whose law? (Score:4, Interesting)

        by SharpFang ( 651121 ) on Wednesday July 22, 2015 @11:31AM (#50161311) Homepage Journal

        There are countries (including the US) that do consider certain acts committed outside of their borders, not by their citizens, that only indirectly affect their country or citizens, as full crimes, to be prosecuted and the guilty to be extradited, regardless of laws of the countries where these "crimes" were committed.

        So, if a given country has a law against aiding unauthorized entities in spying on its citizens, and the firm sells the software to these entities, it is committing a crime. And while extradition or direct consequences are unlikely, they are not impossible, especially if employees of the firm ever visit the country in question.

    • Sold malware within the limits of the law? Whose law?

      Cole's Law

      / thinly sliced cabbage, rice wine vinegar, a dab of (Duke's) mayo.

    • My laws say "no stabby".

      Heart, back, dick, I don't care. NO. STABBY.

  • Ok, so... (Score:2, Insightful)

    by Anonymous Coward

    Awesome. So when's the patch coming out?

  • by Opportunist ( 166417 ) on Wednesday July 22, 2015 @11:04AM (#50161063)

    Killing Jews was strictly within the law of Nazi Germany.

    What is wrong is wrong. Within the law or outside of it, there are certain things that make you an asshole when you do it.

    Supporting oppressive regimes is such a thing. Yes, it's legal to deal with them. Yes, it's legal to sell them your shit. Yes, you're still an asshole for doing so. A legal asshole if you want to, but at the end of the day, you're still just full of shit and nobody wants to touch you.

    • by wbr1 ( 2538558 )
      However, within an individual's social connections, that rarely comes into play. The buddies these developers bowl and drink beer with just know they are in IT or software development. There is no uniform that says "look at me, I am a dbag and sell spy tools to asshole countries."
      • No, but these douchebags now ruin it for the rest of us. So far that whole shit didn't hit mainstream media too hard, but when it does, do you think that you could sensibly tell anyone anymore that you're in ITSEC? People will treat us like we're working for the fucking Stasi or something.

        And that alone is enough for me to want them kicked in the nuts, hard and repeatedly. Fuck, I'd do it myself if those fuckers weren't even worth a nanosecond of jail time.

    • Killing Jews was strictly within the law of Nazi Germany.

      I would not bet on that. While Germany and Germans may have been pedantically detail oriented and had a desire to fulfill the letter of the law, the NAZI party never really had those habits. Even after it was technically legal for Hitler to write up any law he wanted, he often didn't bother. They would write up laws that sounded good to the German people and announce them, and then promptly ignore and break them. Anybody asking too much about the legality of their actions usually found themselves threatened

  • A request ... (Score:5, Insightful)

    by gstoddart ( 321705 ) on Wednesday July 22, 2015 @11:08AM (#50161095) Homepage

    Hey, if there's any angry hackers out there, will someone please ruin these assholes' lives?

    Because if anybody deserves to be fucked with by the internet, it's these clowns.

    kthanksbye

    • by emil ( 695 ) on Wednesday July 22, 2015 @11:33AM (#50161331)

      The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.

      This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.

      LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.

      • The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.

        This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.

        LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.

        Wow!!! You mean that intrinsic APPS can't even be UPDATED on Android without updating the OS???

        Wow. Just. Wow.

        What? Did an eight-year-old write Android? Is that why it has that ridiculous, childish name? Why not just call it "Buzz Lightyear" and be done with it?

        • I'm really curious about your opinion on Apple devices' names.
          Do you think that calling something "i" as in "myself" plus "general name for the product" isn't ridiculous? Why not? Do you perceive it as mature (adult-like)?

          How would you rank the ridiculousness of the names Microsoft, Apple and Google? And of Windows, iOS and Android? How would they rank in childishness? Why? Do you make other comparisons to justify them?

          Since I'm not an Apple fan, I rationalize in ways to criticize them, like you did with b

          • Do you think that calling something "i" as in "myself" plus "general name for the product" isn't ridiculous? Why not? Do you perceive it as mature (adult-like)?

            LOL!

            The "i" prefix on several Apple products in the late 1990s and early 2000s is not indicative of the personal pronoun "I" (notice the capitalization), as in "I, Robot", but rather the "i" in "Internet" (small "i"). Silly as it seems now, the fact that, in 1999, you could take an iMac (the first "i" product) out of the box and connect (via dialup, using the iMac's built-in MODEM) to the interwebs in two easy steps in about five minutes was quite a revelation. Apple even had a popular TV ad and a catch [youtube.com]

            • I'm really curious about your opinion on Apple devices' names.

              It was an informed opinion.
              Thanks. Very interesting. Would mod you up if I could.

              • I'm really curious about your opinion on Apple devices' names.

                It was an informed opinion. Thanks. Very interesting. Would mod you up if I could.

                And thank YOU for allowing facts to sway your opinion. So rare on Slashdot!!!

        • Not sure how it works under the hood as I've never cared for it on that level of detail, but system apps do receive updates on Android. I assume they come in the form of binary overlays, as you have the option of uninstalling them, while this option is denied you for the actual app. Uninstalling the updates reverts the app to its original feature set. And replying out of band here, but w.r.t. the i-naming for Apple products: never knew it stood for Internet (also should've been capitalised then), but whate
    • by wbr1 ( 2538558 )
      Given this data dump I would say someone has and is probably still trying to.
  • by Hall ( 962 ) on Wednesday July 22, 2015 @11:09AM (#50161109)

    Sounds like a lot of different Android apps. The Facebook app can do most of the same things, as can Chrome, and so on....

  • Is there a tool to check and see if you've been infected?
  • A bunch of soulless, fascist fucks that have proven that they deserve to live in Guantanamo Bay as honored guests, like the rest of the terrorists residing there.
  • Never have I been so happy to have an old, old Nokia phone that can't load apps, doesn't run on iOS or Android, and is pretty much immune to all of this fancy hacker-bullshit. Yeah, maybe I'm a throwback, but at least I'm not worried about having my phone cornholed by some crap-ass company or hacker.

    No, I can't watch movies on my phone (that's what I have a TV for, hello?) and no I can't find out the temperature on Mars, but guess what? I don't want to.

    I want to 1) make calls, 2) take calls, and 3) m
    • by AuMatar ( 183847 )

      Actually, all those phones have J2ME embedded and do allow downloading of apps. It's probably more exploitable due to age and lack of updates than a secured modern smartphone. There's just not enough of you in rich enough countries to bother.

      • > It's probably more exploitable due to age and lack of updates than a secured modern smartphone.

        I sincerely doubt that. I can barely get it to connect to the Nokia site. And from what I can tell, Java won't run on this dinosaur. If a hacker manages to crack my phone he deserves an award. Unfortunately all he's likely to get are some blurry pics of my driveway.

    • I have a modern dumbphone. They still make them. They don't want you to buy them because they don't use any data, but they're there. Mine survived getting run over. Try running over a smartphone :)
    • From a fellow old guy, I guarantee you my next phone is going to be just like yours.

      It makes phone calls. Period.

      To hell with Androids, iPhones and the rest. Tired of this bullshit.

  • by Overzeetop ( 214511 ) on Wednesday July 22, 2015 @11:57AM (#50161545) Journal

    A dedicated, full time, paid set of software (and, presumably) hardware professionals with tens (or hundreds) of millions in revenue/funding with no fear of prosecution have managed to create effective software which uses exactly the same features that are available to the OS and app developers to collect data and phone home on the sly, while avoiding detection by people who are - mostly - entirely ignorant of the underlying system.

    This is funded by the same people who can press a button and put a thousand pounds of high explosives, literally, through the front door of a building a thousand miles away in under 120 minutes, or 500lbs from 300 miles away in under 10 minutes.

    It would be a story if they couldn't. (actually, it wouldn't - we'd call them typical incompetent government contractors).

  • "Hacking Team used fake app hosted on Google Play to install its spyware on Android devices"

    For a minute there I thought Hacking Team/slashdot were going to dazzle me with their hacking-foo. How does remotely installing and running an app - and achieving root on a device - equate to tricking the user into downloading and installing a fake app?
  • Who do they think they are, the NSA? We'll show them what exceptional hackers are and bomb them off the face of the earth.
