
The All-In-One Mobile Spyware Tool for Governments

By James Green ~ June 27th, 2014 2:00PM MST


Italian company ‘Hacking Team’ has developed an enterprise version of Remote Control System (RCS) malware that can be used to infect a mobile device on any major operating system platform, including iOS, Android, Windows Phone, and BlackBerry. One of the most dangerous aspects of this malware is that it is not used by “criminals”; rather, it is believed to be bought and used by governments.

The RCS threat created by Hacking Team was uncovered by Kaspersky Lab. Researchers were able to identify a signature within RCS command and control (C&C) servers and used this unique signature to identify 326 RCS C&C servers worldwide. The largest number of C&C servers located in a single country was 64, found in the United States. The top ten countries hosting RCS C&C servers are as follows (image credit: Kaspersky).

[Image: top ten countries hosting RCS C&C servers]

These C&C servers are used to communicate with and control devices infected with the RCS malware. While there is no way to associate any particular government agency with any particular server, the WHOIS information tied to IP addresses for these servers was identified as “government.” It is also fair to speculate that governments using the RCS malware to spy on citizens would be wise to host the C&C servers within their own borders to avoid any international legal implications.

According to the research team at Kaspersky Lab, both the Android and the iOS versions of this malware have similar capabilities. It is likely that the BlackBerry and Windows Phone versions of this malware share the same capabilities, though they were not included in the report. RCS malware can monitor an alarming number of device activities, including:

  • Control of Wi-Fi, GPS, GPRS
  • Recording voice
  • E-mail, SMS, MMS
  • Listing files
  • Cookies
  • Visited URLs
  • Cached web pages
  • Address book
  • Call history
  • Notes
  • Calendar
  • Clipboard
  • List of apps
  • SIM change
  • Live microphone
  • Camera shots
  • Support chats, WhatsApp, Skype, Viber
  • Log keystrokes from all apps and screens via libinjection

All RCS malware can be installed remotely on any of the target device types when connected to an infected Windows or Mac computer. The iOS version of the RCS malware can only be installed on a jailbroken iPhone. This may appear to limit the effectiveness of the RCS malware but, fortunately for invasive government agencies, the RCS C&C servers are also capable of jailbreaking connected iOS devices via infected computers. The RCS C&C servers even have an intuitive GUI that executes installation and jailbreaking with just the click of a button.


1984 in 2014

It is alarming that professional malware programmers are backed by state actors to spy on citizens. Convenience is blinding us to the fact that technology can be used to completely invade the privacy of our everyday lives. The reality is that most of us rely on computers and technology for our livelihoods and could not afford to surrender our technology to ensure our privacy. But there are a few things you can do to regain some of your privacy.

  • Cover the webcam on your computer or laptop when not in use.
  • Disable or disconnect computer microphones when not in use.
  • Disable geolocation features on your mobile device.
  • Use secure, encrypted instant messaging apps like ChatSecure instead of the default SMS client.
  • Use secure, encrypted calling clients like Cellcrypt to protect your conversations.
  • The Tor Browser from the Tor Project is a great browser to ensure anonymity online and prevent anyone from spying on your web activity.
  • If you're going to have a sensitive conversation, don’t do it in the same room as any cellphones or computers. The US government has a no-electronics policy in the Situation Room for this very reason.

James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email: James@ArmorforAndroid.com; Twitter: @James_AfA