Hacking Team's RCS Android May Be the Most Sophisticated Android Malware Ever Exposed 92
An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages.
Hacking Team says it sold its surveillance and intrusion software strictly within the law.
Whose law? (Score:4, Interesting)
Sold malware within the limits of the law? Whose law? Not my law. By my law a man looks another man in the eye before stabbing him in the heart, and doesn't sneak up on him to stab him in the back.
Re: (Score:3)
Brannigan's Law [wikia.com].
Re: (Score:3)
Every time I read the word "law" now, I replace it with "injustice".
Re: (Score:2)
Something being with in the law doesn't make something right or just.
It only makes it legal.
Re: (Score:2)
Note to government: you may be my accountant, my arbiter, my bodyguard and my insurance agent, but you are not my dad. Stop acting like it.
Re: (Score:3)
Re:Whose law? (Score:4, Interesting)
There are countries (including the US) that do consider certain acts committed outside of their borders, not by their citizens, that only indirectly affect their country or citizens, as full crimes, to be persecuted and the guilty to be extradited, regardless of laws of the countries where these "crimes" were committed.
So, if given country has a law against aiding unauthorized entities from spying on their citizens, and the firm sells the software to these entities, it is committing a crime. And while extradition or direct consequences are unlikely, they are not impossible, especially if employees of the firm ever visit the country in question.
Re: (Score:2)
Normally, one would use the word "prosecuted" here . . . but I like this version.
Re: (Score:2)
Sold malware within the limits of the law? Whose law?
Cole's Law
/ thinly sliced cabbage, rice wine vinegar, a dab of (Duke's) mayo.
Re: (Score:1)
My laws say "no stabby".
Heart, back, dick, I don't care. NO. STABBY.
Re: (Score:3)
>> if security and privacy are a concern, maybe iPhone isn't really such a bad option
Dude, is Google down today? http://lmgtfy.com/?q=iphone+ma... [lmgtfy.com]
Then look up WireLurker. Then MASQUE-D. And if you jailbreak a phone, pretty much all bets are off.
Re: (Score:2)
>> if security and privacy are a concern, maybe iPhone isn't really such a bad option
Dude, is Google down today? http://lmgtfy.com/?q=iphone+ma... [lmgtfy.com]
Then look up WireLurker. Then MASQUE-D. And if you jailbreak a phone, pretty much all bets are off.
WireLurker looks to be pretty nasty, that's for sure. But it's also only on a GreyWare "App Store", NOT available through legit channels [paloaltonetworks.com].
And MASQUE-D is such a threat (NOT!) that I had to try two different search terms to even FIND a reference on Google. Plus, it again is a Trojan, that has to entice the user to install it from a non-legitimate "App" site [us-cert.gov].
And as far as JailBreaking your iOS device, you get what you deserve, period.
So, thanks for proving the point that the "Walled Garden" actually WORK
Re: (Score:2)
In general I think you're correct. Most people are pretty dumb and likely better off in the walled garden so they can't hurt themselves. Similarly, dumb people are better off with a foam hammer than a real hammer, even if it's less useful at least they can't nail themselves to their toilet.
See? There you go, blaming the user. Typical Slashtard.
There is a BIG difference between being "dumb" and being "ignorant".
If I sat you down in the control room of a jet fighter, or a helicopter, I would bet that (assuming you aren't skilled in any of those) you wouldn't be able to successfully land any of them. Why? Because you simply haven't had to learn those skills to navigate your particular slice of the universe. Does that make you "dumb"?
Not everyone is a computer expert. And that is EXACTLY wh
Re: (Score:2, Informative)
Jailbroken iDevices are totally irrelevant. There have been zero exploits on non-JB devices that are widespread.
Also, Android isn't that insecure. A rooted Android device is just as secure as an unrooted one, assuming the user doesn't click "allow" on the su dialog. In fact. the latest su app won't allow apps to ask for root access unless the install permissions have PERMISSION_SUPERUSER present in the app manifest.
However, Android does have a permission model that is all or nothing, where a fleshlight a
Re: Bring-on the Apple haters (Score:2)
How do you think you perform the jailbreak? Oh right you use an exploit. I remember the iPhone 3G had a website called let me jailbreak that for you. As for vl permissions, there is appops in android but you'll need to root to use it. At least 'till Android M is released.
Re: (Score:2)
However, Android does have a permission model that is all or nothing, where a fleshlight app can ask for everything under the sun and there is no "allow, but not with those permissions" available.
This is changing in Android M [androidpolice.com]
Re: (Score:1)
where a fleshlight app
Woah! They have an app? Is there an external attachment too?
Re: (Score:2)
where a fleshlight app
Woah! They have an app? Is there an external attachment too?
Somebody mod that post sexy - Zapp Brannian
Re: (Score:2)
However, Android does have a permission model that is all or nothing, where a fleshlight app can ask for everything under the sun and there is no "allow, but not with those permissions" available.
This is changing in Android M [androidpolice.com]
Too bad that pretty much EVERYONE who owns an Android device currently will have to:
1. Wait a YEAR while all the Carriers re-infect it with THEIR Malware, er, Extra Features.
2. THROW AWAY their Current Android Device, the BUY ONE WITH Android "M".
Re: (Score:2)
This is why I got the Nexus 6... I got sick of waiting.
Re: (Score:2)
fleshlight app
What does that do, exactly?
Re: (Score:2)
Walled garden no bugs or exploits. It only means now you're even more dependent on a company to fix the exploits and bugs because it's much harder to find workarounds or fix them yourself.
And Android Users can?
Re: (Score:3)
Walled garden makes no difference, as this apparently exploits old Android bugs to install itself.
The big difference is that Apple continues to support old devices with new versions of the operating system until the hardware becomes too outdated to run it. Android devices are lucky if they get two upgrades before the carrier or manufacturer declares them done.
And, yes, that's one reason I'm expecting to dump Android for Apple when Google stop supporting my Nexus tablet.
Re: (Score:3)
Walled garden makes no difference, as this apparently exploits old Android bugs to install itself.
The big difference is that Apple continues to support old devices with new versions of the operating system until the hardware becomes too outdated to run it. Android devices are lucky if they get two upgrades before the carrier or manufacturer declares them done.
And, yes, that's one reason I'm expecting to dump Android for Apple when Google stop supporting my Nexus tablet.
Apple does stop supporting. My (no longer used) iPad is stuck on iOS 5.x.
Personally I believe device manufactures should be held accountable for not pushing OTA updates to patch security exploits. At least for x number of years after releasing a device or Google stops patches for that version of Android. This is one reason I moved to a Nexus 6 from a Samsung Note 2. I was considering a Note 4 but I hate always being 2 versions behind in Android versions. Samsung claims they are working on 5.0.x for the
Re: (Score:2)
Apple does stop supporting. My (no longer used) iPad is stuck on iOS 5.x.
He never said they don't stop supporting. Only that they do so ONLY when the Hardware simply makes it impractical.
You have a first-generation iPad. Know how I know that? Because EVERY other version of the iPad (including my iPad 2nd gen) IS still supported (haven't checked as to whether that is true for iOS 9; but so far, it has been supported). In fact, Apple recently released a "point-release" for iOS8 that, among other things, was specifically designed to improve performance on iPad 2.
NOBODY in the A
Re: (Score:1)
Apple's user base is pretty large. And there have been multiple malwares created for iOS, for example WireLurker.
Re: (Score:2)
Apple's user base is pretty large. And there have been multiple malwares created for iOS, for example WireLurker.
Which apparently requires you to download a trojan onto your OSX machine, then plug your iPhone into it. Not exactly quite so easy as auto-installing when you browse a URL with a vulnerable version of Android because your phone carrier won't let you upgrade it.
Re: (Score:1)
I know this is off topic here, but my phone gets it's Windows 10 upgrade sometime next week.
Ok, so... (Score:2, Insightful)
Awesome. So when's the patch coming out?
Re: (Score:1)
"You mean the ADMIN account can do ANYTHING?? OMG OMG OMG!"
Being within the law doesn't make it right (Score:5, Insightful)
Killing Jews was strictly within the law of Nazi Germany.
What is wrong is wrong. Within the law or outside of it, there are certain things that make you an asshole when you do it.
Supporting oppressive regimes is such a thing. Yes, it's legal to deal with them. Yes, it's legal to sell them your shit. Yes, you're still an asshole for doing so. A legal asshole if you want to, but at the end of the day, you're still just full of shit and nobody wants to touch you.
Re: (Score:2)
Yeah but fuck the jews.
I'm not even Jewish; but I double-dog dare you to sign-on and say that.
Re: (Score:1)
How do I mod +1 Troll?
Re: (Score:2)
Re: (Score:2)
No, but these douchebags now ruin it for the rest of us. So far that whole shit didn't hit mainstream media too hard, but when it does, do you think that you could sensibly tell anyone anymore that you're in ITSEC? People will treat us like we're working for the fucking Stasi or something.
And that alone is enough for me to want them kicked in the nuts, hard and repeatedly. Fuck, I'd do it myself if those fuckers weren't even worth a nanosecond of jail time.
Re: (Score:2)
Killing Jews was strictly within the law of Nazi Germany.
I would not bet on that. While Germany and Germans may have been pedantically detail oriented and had a desire to fulfill the letter of the law, the NAZI party never really had those habits. Even after it was technically legal for Hitler to write up any law he wanted, he often didn't bother. They would write up laws that sounded good to the German people and announce them, and then promptly ignore and break them. Anybody asking too much about the legality of their actions usually found themselves threatened
A request ... (Score:5, Insightful)
Hey, if there's any angry hackers out there, will someone please ruin these assholes lives?
Because if anybody deserves to be fucked with by the internet, it's these clowns.
kthanksbye
Android's stock browser MUST be removed (Score:4, Interesting)
The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.
This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.
LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.
Re: (Score:2)
The stock browser is a primary avenue of exploit for this malware. Stock lives in /system where it is installed read-only.
This was a colossally foolish thing to do. Browser libraries, executables, and sundry components MUST retain the ability to receive patches.
LD_LIBRARY_PATH should point to /data/lib, then resolve to /system/lib only if an override library is not installed, allowing update capability for stock webkit.
Wow!!! You mean that intrinsic APPS can't even be UPDATED on Android without updating the OS???
Wow. Just. Wow.
What? Did an eight-year-old write Android? Is that why it has that ridiculous, childish name? Why not just call it "Buzz Lightyear" and be done with it?
Re: (Score:2)
Do you think that calling something "i" as in "myself" plus "general name for the product" isn't ridiculous? Why not? Do you perceive it as mature (adult-like)?
How would you rank the ridiculousness of the names Microsoft, Apple and Google? And of Windows, iOS and Android? How would they rank in childishness? Why? Do you make other comparisons to justify them?
Since I'm not an Apple fan, I rationalize in ways to criticize them, like you did with b
Re: (Score:2)
Do you think that calling something "i" as in "myself" plus "general name for the product" isn't ridiculous? Why not? Do you perceive it as mature (adult-like)?
LOL!
The "i" prefix on Several Apple products in the late 1990s and early 2000s is not indicative of the personal pronoun "I" (notice the capitalization), as in "I, Robot", but rather, the "i" in "Internet" (small "i"). Silly as it seems now, the fact that, in 1999, you could take an iMac (the first "i" Product") out of the box and connect (via dialup, using the iMac's built-in MODEM) to the interwebs in two easy steps in about five minutes was quite a revelation. Apple even had a popular TV ad and a catch [youtube.com]
Re: (Score:2)
I'm really curious about your opinion on Apple device's names.
It was an informed opinion.
Thanks. Very interesting. Would mod you up if I could.
Re: (Score:2)
I'm really curious about your opinion on Apple device's names.
It was an informed opinion. Thanks. Very interesting. Would mod you up if I could.
And thank YOU for allowing facts to sway your opinion. So rare on Slashdot!!!
Re: (Score:2)
Wow!!! You mean that intrinsic APPS can't even be UPDATED on Android without updating the OS???
Wow. Just. Wow.
You mean just like iOS? Ever seen a Safari update outside an OS update? Mail? Messages? Shall I go on?
What? Did an eight-year-old write Android? Is that why it has that ridiculous, childish name? Why not just call it "Buzz Lightyear" and be done with it?
Pot, kettle. Black. macs4all, you're a notorious flamer and troll around here, but even I am perplexed at this post of yours. Normally your unwavering defense of all things Apple is at least rooted in some understanding of the underlying technology, even if misguided. But this is horrifically bad if you honestly think iOS is different from Android in this regard.
I will agree that it is pretty-much unheard of for Apple to update intrinsic iOS Apps outside the auspices of an OS Update, they instead will often "spawn" an iOS "point-release" update for the SOLE (or at least primary) purpose of updating an intrinsic app or framework. What you are suggesting is that Apple only updates things on major iOS version-changes. By comparison, there is absolutely NO history of a "Jelly Bean.1" in the Android ecosystem. None. And Apple DOES, on occasion, but very rarely, update i
Re: Android's stock browser MUST be removed (Score:2)
Re: (Score:3)
Not out of the ordinary (Score:3)
Sounds like a lot of different Android apps. The Facebook app can do most of the same things, as can Chrome, and so on....
Re: (Score:2)
The difference being, you actively installed those apps and explicitly gave them those permissions. Not the same boat, not even the same ocean.
Blame the User. The last bastion of the technically-challenged.
In case you didn't notice: The percentage of Android Users that are up to par with the likes of people who frequent Slashdot or Stack Overflow, etc. is vanishingly small. So, simply dismissing those people with a conceited and immature wave-of-the-hand is most unhelpful to the entire Android "community".
You want people to start flocking to iOS? Keep that attitude up, asswipe.
Check-up tool? (Score:2)
Re: (Score:1)
Hacking Team description (Score:2)
Ha ha (Score:2)
No, I can't watch movies on my phone (that's what I have a TV for, hello?) and no I can't find out the temperature on Mars, but guess what? I don't want to.
I want to 1) make calls, 2) take calls, and 3) m
Re: (Score:2)
Actually, all those phones have J2ME embedded and do allow downloading of apps. Its probably more exploitable due to age and lack of updates than a secured modern smartphone. There's just not enough of you in rich enough countries to bother.
Re: (Score:2)
I sincerely doubt that. I can barely get it to connect to the Nokia site. And from what I can tell, java won't run on this dinosaur. If a hacker manages to crack my phone he deserves an award. Unfortunately all he's likely to get are some blurry pics of my driveway.
Re: (Score:2)
I've written apps for them. It plays Snake? What do you think Snake is written in?
Re: (Score:1)
Re: Ha ha (Score:2)
From a fellow old guy, I guarantee you my next phone is going to be just like yours.
It makes phone calls. Period.
To hell with Androids, Iphones and the rest. Tired of this bullshit.
Are we supposed to be surprised? (Score:4, Interesting)
A dedicated, full time, paid set of software (and, presumably) hardware professionals with tens (or hundreds) of millions in revenue/funding with no fear of prosecution have managed to create effective software which uses exactly the same features that are available to the OS and app developers to collect data and phone home on the sly, while avoiding detection by people who are - mostly - entirely ignorant of the underlying system.
This is funded by the same people who can press a button and put a thousand pounds of high explosives, literally, through the front door of a building a thousand miles away in under 120 minutes, or 500lbs from 300 miles away in under 10 minutes.
It would be a story if they couldn't. (actually, it wouldn't - we'd call them typical incompetent government contractors).
Psssh.. my flash light app can do all that ... (Score:5, Funny)
;)
Hacking Team deliver spyware on Android devices (Score:2)
For a minute there I thought Hacking Team/slashdot were going to dazzle me with their hacking-foo. How does remotely installing and running an app - and achieving root on a device - equate to tricking the user into downloading and installing a fake app?
Gotdamn Ities (Score:1)