They're Spying On You: Hacking Team Mobile Malware, Infrastructure Uncovered

msm1267 (2804139) writes Controversial spyware commercially developed by Italy's Hacking Team and sold to governments and law enforcement for the purpose of surveillance has a global command and control infrastructure. For the first time, security experts have insight into how its mobile malware components work. Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Monk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting Hacking Team's Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. Adds reader Trailrunner7: [T]he report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. The new modules enable governments and law enforcement officers with extensive monitoring capabilities over victims, including the ability to report on their location, steal data from their device, use the device's microphone in real time, intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more.

But...

[Anonymous Coward]

...it's to keep us FREE! They said so.

Someday we will be required to have cellphones

[Squidlips]

For our own protection of course. And that someday is coming soon. How much longer can Richard Stallman and I hold out on owning one of these dream (Stalin's) -machines?

Re:

[Anonymous Coward]

Stallinman is communist anyway.

Re:

[tlhIngan]

For our own protection of course. And that someday is coming soon. How much longer can Richard Stallman and I hold out on owning one of these dream (Stalin's) -machines?

Is it any surprise they're in Italy? Where the per-capita cellphone ratio is over 2? Yes, they really like their cellphones, and most people have two, or three. Work phone, play (domestic life) phone, and a third just because ("mistress" phone).

Heck, the worldwide number of cellphones has recently exceeded the population of the world.

And eve

Re:

[Gr8Apes]

which is why blacklisting both google and facebook locally is a good practice, just like washing your hands.

Re:

[Gr8Apes]

Own a cellphone, leave it in random locations, share it with friends, make things really confusing.

Re:

[antdude]

I hope not. I still don't own a mobile phone like Richard Stallman. If it is enforced, will we get a cellphone for free? Was landline phone service ever required for Americans from the laws?

They mention "uninstall" and "wipe" but not how to

[Lexible]

So: how to prompt such malware to uninstall itself on one's devices?

Re:

[JaredOfEuropa]

Better to not install it in the first place. The article mentions targeted attacks: "Once the sample is ready, the attacker delivers it to the mobile device of the victim. Some of the known infection vectors include spearphishing via social engineering – often coupled with exploits, including zero-days; and local infections via USB cables while synchronizing mobile devices". Sounds like stuff you can avoid with some care. They also mention that the trojan will not work on un-jailbroken iOS devices.

iOS malware only works on jailbroken devices!!

[Noah Haders]

iOS malware only works on jailbroken devices!! FTFA:

Taking a deeper dive into the malware, Kaspersky and Citizen Lab learned that the iOS version of the RCS Trojans hits only jailbroken devices. Pristine iPhones are also vulnerable if an attacker can remotely run a jailbreaking tool such as Evasi0n and then load the malware implant.

So I know there will be a lot of shouts here of 'see! iOS is vulnerable just like android!" this only works for people who have chosen to expose themselves to malware. also raises a lot of questions about who are the secret teams behind these jailbreaking kits. Especially with the new news of the new jailbreaking kit out of china [cnet.com].

don't jailbreak, don't get pwned.

Re:

[Lexible]

And you also answer the question by way of spreading FUD about taking control of one's own general purpose computer like a complete jackass.

My question was: given that the researchers identified ways to uninstall/trigger wipes of the malware from one's phone, how does one go about doing so? "Don't jailbreak an iphone." is not an adequate answer to that question.

Re:

[Noah Haders]

Actually the FUD is in the summary, where it says that android and iOS phones are vulnerable. it's more accurate to say androids and jailbroken iPhones. if you haven't jailbroken your iPhone, then according to this research it is not vulnerable. This is just anti-apple FUD to tear them down.

in terms of avoiding malware, the suggestion "don't jailbreak your iPhone" is actually an excellent suggestion. Kinda like a strategy to avoid STDs: "don't sleep with whores". for all that slashdot raves about the safet

Nope:iOS malware only works on jailbroken devices

[Lexible]

I notice that you are still not answering the question How to wipe an infected device. Is basic reading comprehension too challenging for you?

Re:

[Noah Haders]

short answer, you can never know that the phone has been sanitized. First, you'll never even know if you've been infected. Then, even if you go back to a full phone wipe, who knows what was planted in the BIOS or something. Basically, you have to throw out the phone, because it's been pwned 4evar.

Re:

[AHuxley]

Re "don't jailbreak, don't get pwned." would be great if the jailbreak aspect was complex and had a few GUI steps that a user would see or have to be fooled into doing.
Another computer or person can "jailbreak" a device of interest in a way that the person been watched would not be aware of.
ie you get the users password and its a background like task that is never noticed. ie infect the computer, then you get details on the connected devices, then you can jailbreak. No user interaction needed :)

Re:

[Lexible]

Way to not answer the question by way of spreading FUD about taking control of one's own general purpose computer, jackass. My question was: given that the researchers identified ways to uninstall/trigger wipes of the malware from one's phone, how does one go about doing so? "Don't jailbreak an iphone." is not an adequate answer to that question.

Re:

[AHuxley]

What are the options for a uninstall/trigger wipe?
Could a unique telco call carry the needed 'off' layer without "ringing"/user been notified?
Could wifi be turned on and a site visit in range send the "off" instruction from a street, shop, cafe?
Could net connection be used to send the "off" instruction?
Could malware in a users computer be waiting to issue that command next time connected?
Consumer devices have many options to connect :)

That's it

[symes]

I'm dusting off my old Motorola 8000 DynaTAC.

Victims?

[jythie]

Interesting choice of words there. 'Victims' and 'suspects' carry pretty different implications with them.

Re:

[disposable60]

Perspective - one side's Freedom Fighter is another's Terrorist. cf: LEO::Jack-booted Thug

Re:

[Rob the Bold]

Interesting choice of words there. 'Victims' and 'suspects' carry pretty different implications with them.

It makes sense the way it's used. If someone is a "suspect" according to their government, that is someone suspected of a crime, then that government probably has straight-up legal means of eavesdropping on them. OTOH, someone who is being spied on via a surreptitiously installed piece of malware might be more properly called a "victim," since the implication is that the spying is being done in an extrajudicial manner by governments or other parties.

Of course, one could be both victim and suspect. Or be spi

If You Want to Be Safe & Secure Go With Micros

[Anonymous Coward]

Because Windows Phone is THE ONLY secure smart phone you can buy!

Re:

[Squidlips]

Nope. Sorry. You have to PAY for the privilege of being spied on. It is the American way.

Re:

[Bob the Super Hamste]

It is the government, that is why! Now shut up and provide the agents the necessary resources to violate your rights.

The biggest problem I see in perusing such charges is finding out who put it there. After that you would need to find a court that will rule in your favor and not be swayed by we need to stop those communist fascist terrorist kiddy diddlers arguments.

Will upgrading iOS remove this?

[oddbox]

How do you think an upgrade / restore will deal with this? The article says that non-jailbroken devices are safe, unless a connected computer jailbreaks it first. Don't Apple have means to discover if a device has been jailbroken, and thus remove all such malware during a proper upgrade or restore? What do you guys think? And, what about how to discover such a hack, now that they are known?

Re:

[DocSavage64109]

The one time I jailbroke my phone, I couldn't update it to the newest iOS. This attack seems rather easy to notice if your phone suddenly refuses to allow any updates.

Re:

[grub]

Some apps have jailbreak detection and will not run, or issue a warning, on jailbroken iOS devices. An app called "Divide" used for keeping work data via MS Exchange (mail, contacts, calendar, etc.) separate from your normal stuff is one.

I call Alarmism

[wannabgeek]

I did RTFA and found this gem: "the iOS version of the RCS Trojans hits only jailbroken devices". Also
“Once the sample is ready, the attacker delivers it to the mobile device of the victim. Some of the known infection vectors include spearphishing via social engineering – often coupled with exploits, including zero-days; and local infections via USB cables while synchronizing mobile devices,”

So, ya, while this is bad, it is not in the same league as what NSA's surveillance of everyone and everything is.

Pigs at the trough

[Squidlips]

So with so many bad actors all stealing our cellphone data, how do they avoid stepping on each others toes? It must get crowded on our cellphones with all the malware competing for our data. Oink, oink

Re:

[Errol backfiring]

They don't. They operate at different levels, so they may be listening to an extra "backup" data flow. I rather think they use each other. It is too convenient for "intelligence" agencies not to tap into the already existing camera and audio feed from another spy.

Re:

[AHuxley]

Some get given a free mirror of your nations backhaul (NSA, GCHQ).
Some get given a free mirror of your cities telco towers (federal law enforcement, your mil).
Some have to use devices at the street level that become a fake cell tower to track people.
At every level of international, national or local clandestine surveillance you have groups, individuals and multinationals with products and survives to sell, rent or service.
Your average telco is also bound by international conventions to use standard junk

Re:

[AHuxley]

As the news from the US shows with "parallel construction" all the digital aspects are cleaned up before any defendant and their legal team get a look at a case presented by the gov.
Local law enforcement know federal/mil/contractor/private sector help with "parallel construction" is totally wrong. The local law enforcement put on a good show to hide the origins of cases or try to seal early case work and present more legally sound evidence.
Thankfully whistleblowers, good legal teams, law reform groups, po

Leave Britney Alone!

[ozzy85]

What more do you want to know about her, myself, and my lolcat?

Broken Link in Article

[NerdyLove]

The link is broken for me, should be http://threatpost.com/researchers-go-inside-hackingteam-mobile-malware-command-infrastructure [threatpost.com].

Re:

[NerdyLove]

Eh, it's working now with /106827. Must have been slashdotted. Sorry!

Keep Your Messages Private -- With IONU

[rowyn_vanm]

By downloading IONU's app, or installing it on your computer, you don't have to worry about who will see your messages. IONU offers an encrypted messaging service so you can ensure that your message doesn't end up in someone else's hands. Learn more about IONU and download it here: https://ionu.com/download [ionu.com]