Spyware Demo Shows How Spooks Hack Mobile Phones
An anonymous reader writes: Joe Greenwood, of cybersecurity firm 4Armed, recently gave a live demonstration of some of Hacking Team's leaked spyware to the BBC. Tracking Bitcoin payments, recording audio from the microphone of a locked device, and secretly gaining control of an infected phone's camera are just a few of the software's capabilities. The BBC reports: "Both Mr Greenwood and 4Armed's technical director, Marc Wickenden, said they were surprised by the sleekness of the interface. Both point out, though, that customers could be paying upwards of £1m for the software and would expect it to be user-friendly, especially if it was intended for use by law enforcers on the beat. For the tracked user, though, there are very few ways of finding out that they are being watched. One red flag, according to Mr Greenwood, is a sudden spike in network data usage, indicating that information is being sent somewhere in the background. Experienced spies, however, would be careful to minimize this in order to remain incognito."
Re: False flag? (Score:1)
As amateur as failing to provide a working hotlink?
Re: (Score:1)
A better link [arstechnica.com] than to a hard to read forum.
Re: (Score:1)
Less amateur than not knowing how to select the plaintext URL, use your right mouse button and left click "Open Link in New Tab," actually.
Network usage (Score:1)
ALL software, written competently, ought to minimize network data usage. But since such care is incredibly rare in the regular software world, why would it be any different in the spy software world?
Story doesn't say... (Score:1)
Sure, an owned phone can feed back all sorts of information. It makes for great TV. But the story doesn't say how they own the phone in the first place.
Are they exploiting some vulnerability in the phone to hijack it? Is the exploit remote? Is it OTA, WiFi, Bluetooth? Or, is this more dramatization of the same old, you have to manually download and install a malicious app?
Re: (Score:1)
Opened this thread to find out this very answer myself. Leaving disappointed.
I suspect, however, that a Stingray [aclu.org] is involved, and I don't mean the Chevy.
"... by law enforcers on the beat." (Score:4, Interesting)
... or in other words, foot patrol cops on a fishing expedition. Over and over again, the officials in our governments and law enforcement talk about how there are all these safeguards and how hard it is to use surveillance and time (Snowden) and time (Hacking Team crack) again the reality shows them for the lying autocrats that they are.
I wish someone would have made sure that Hacking Team, and other companies like them, no longer were in business permanently. Instead, we are leaning the other way, with "terrorism experts" saying that private companies should have their own equivalents of Internet armies.
captcha: warped
Huh? It's already out there for free! (Score:5, Insightful)
How long will it take before some member of some enforcement organization somewhere in the world sells a copy of this to some other organization?
Huh?
I thought:
- all this stuff (including the tools source code) was looted from "The Hacking Team" and dumped on the net.
- A security researcher compiled it and tested it.
- And this article was about what he got it to do.
So it's already out there, right now! Anybody who snagged a copy and figured out how to compile and run it can now do this.
Have I misunderstood something?
THIS is why it's not a good idea for governments to fund building and perfecting such tools, and to encourage the installation, rather than removal, of backdoors and vulnerabilities. Eventually they leak. Then these advanced capabilities are available to script kiddies, crooks, enemy spies, the tyrannical security forces of even minor regimes, and every jealous spouse and malicious bully with a trace of technical savvy.
What? (Score:1)
No torrent??
Re: (Score:2)
Gaining control of infected phone .. (Score:2)
How exactly did the phone get 'infected' in the first place?
Re: (Score:3)
Yeah, the one really important detail - missed out.
My guess is that infection is not as easy as you might think - possibly physical access is required (no problem for the spooks, harder for the script kiddies).
Re: (Score:3)
How exactly did the phone get 'infected' in the first place?
From TFS:
especially if it was intended for use by law enforcers on the beat.
So when you get stopped by a cop, your pockets emptied and your car searched, one of the cops runs back to the patrol car with your phone, plugs it into a PC and loads the s/w.
Or some /. post just directs you to a BBC article with an infected Flash video.
It's a trap (Score:1)
I wonder... (Score:2)
This software vs Xprivacy [github.com], ideally with SysScope frozen or removed. I wonder what this tool would show.....
pick your poison (Score:2, Interesting)
Most Helpful Advice Ever (Score:2)
"Is there anything we can do to protect ourselves from this spyware?"
"So the standard, um, advice for security is valid so installing antivirus, making sure you keep your phone secure and following standard security procedures, um."
So, basically, he has no real suggestions on how to protect your device.