Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Privacy

Spyware Demo Shows How Spooks Hack Mobile Phones 35

An anonymous reader writes: Joe Greenwood, of cybersecurity firm 4Armed, recently gave a live demonstration of some of Hacking Team's leaked spyware to the BBC. Tracking Bitcoin payments, recording audio from the microphone of a locked device, and secretly gaining control of an infected phone's camera are just a few of the software's capabilities. The BBC reports: "Both Mr Greenwood and 4Armed's technical director, Marc Wickenden, said they were surprised by the sleekness of the interface. Both point out, though, that customers could be paying upwards of £1m for the software and would expect it to be user-friendly, especially if it was intended for use by law enforcers on the beat. For the tracked user, though, there are very few ways of finding out that they are being watched. One red flag, according to Mr Greenwood, is a sudden spike in network data usage, indicating that information is being sent somewhere in the background. Experienced spies, however, would be careful to minimize this in order to remain incognito."
This discussion has been archived. No new comments can be posted.

Spyware Demo Shows How Spooks Hack Mobile Phones

Comments Filter:
  • by Anonymous Coward

    ALL software, written competently, ought to minimize network data usage. But since such care is incredibly rare in the regular software world, why would it be any different in the spy software world?

  • by Anonymous Coward

    Sure, an owned phone can feed back all sorts of information. It makes for great TV. But the story doesn't say, how they own the phone in the first place.

    Are they exploiting some vulnerability in the phone to hijack it? Is the exploit remote? Is it OTA, WiFi, Bluetooth? Or, is this more dramatization of the same old, you have to manually download and install a malicious app?

    • Opened this thread to find out this very answer myself. Leaving disappointed.

      I suspect, however, that a Stingray [aclu.org] is involved, and I don't mean the Chevy.

  • by Anonymous Coward on Wednesday August 05, 2015 @05:30PM (#50259373)

    ... or in other words, foot patrol cops on a fishing expedition. Over and over again, the officials in our governments and law enforcement talk about how there are all these safeguards and how hard it is to use surveillance and time (Snowden) and time (Hacking Team crack) again the reality shows them for the lying autocrats that they are.

    I wish someone would have made sure that Hacking Team, and other companies like them, no longer were in business permanently. Instead, we are leaning the other way, with "terrorism experts" saying that private companies should have their own equivalents of Internet armies.

    captcha: warped

  • No torrent??

  • "Joe Greenwood .. gave a live demonstration of .. recording audio from the microphone of a locked device, and secretly gaining control of an infected phone's camera"

    How exactly did the phone get 'infected' in the first place?
    • Yeah, the one really important detail - missed out.

      My guess is that infection is not as easy as you might think - possibly physical access is required (no problem for the spooks, harder for the scrip kiddies).

    • by PPH ( 736903 )

      How exactly did the phone get 'infected' in the first place?

      From TFS:

      especially if it was intended for use by law enforcers on the beat.

      So when you get stopped by a cop, your pockets emptied and your car searched, one of the cops runs back to the patrol car with your phone, plugs it into a PC and loads the s/w.

      Or some /. post just directs you to a BBC article with an infected Flash video.

  • One of the thing we learned from the Hacking Team affair, is that the flash is one of the most frequent vector of infection. And the article has a flash movie... oh the irony!
  • This software vs Xprivacy [github.com], ideally with SysScope frozen or removed. I wonder what this tool would show.....

  • pick your poison (Score:2, Interesting)

    by superwiz ( 655733 )
    Even if you do only send network traffic when there is a lot of other network traffic (to avoid obvious consistent network use), it means more buffering. Which means more memory/storage use. It's still detectable through purely statistical tools.
  • "Is there anything we can do to protect ourselves from this spyware?"
    "So the standard, um, advice for security is valid so installing antivirus, making sure you keep your phone secure and following standard security procedures, um."

    So, basically, he has no real suggestions on how to protect your device.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...