{"id":5065,"date":"2016-01-20T17:31:44","date_gmt":"2016-01-20T17:31:44","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5065"},"modified":"2019-11-15T22:55:12","modified_gmt":"2019-11-15T11:55:12","slug":"mobile-spies","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/mobile-spies\/5065\/","title":{"rendered":"A hostile ear in your pocket: how cyberspies may use your smartphone"},"content":{"rendered":"<p>The <a href=\"http:\/\/www.weforum.org\/events\/world-economic-forum-annual-meeting-2016\" target=\"_blank\" rel=\"noopener nofollow\">World Economic Forum in Davos<\/a>\u00a0starts today. It\u2019s a gathering of the creme de la creme in the world of business and politics. Certainly, a lot of extremely important information will be exchanged. And it is highly likely\u00a0that there will be elevated espionage activity, too. There\u2019s an expression that goes, \u201cThe walls have ears.\u201d Well, today unfriendly \u201cears\u201d are right in your pockets: spying software in mobile devices. That\u2019s the topic of <a href=\"https:\/\/securelist.com\/blog\/research\/73305\/targeted-mobile-implants-in-the-age-of-cyber-espionage\/\" target=\"_blank\" rel=\"noopener\">a great new article published by Securelist<\/a>.<\/p>\n<p>Author Dmitry Bestuzhev explores a number of so-called \u201cmobile implants\u201d \u2013 spying software being \u201csmuggled\u201d into mobile devices so attackers can access the data stored within, as well as eavesdrop on all communications.<\/p>\n<p><strong>Where spies are expected<\/strong><\/p>\n<p>Mass-produced electronic spyware has become widely known to the public, so communication providers, businesses and cyber-savvy individuals have started using data encryption to keep prying eyes and ears away. 
Some even go as far as to switch from e-mail to more secure solutions such as mobile messaging applications with end-to-end encryption, timed deletion, and no server storage.<\/p>\n<p>The attackers then have just one possibility: to get a grip on the communication devices themselves \u2013 i.e. smartphones. That\u2019s where \u201cimplants\u201d come in.<\/p>\n<p>In his article, Bestuzhev describes implants capable of infecting mobile devices running on iOS (Apple), Android, Blackberry, and Windows Mobile. Developed by notorious Italian spyware maker Hacking Team, these implants became public after a very sound and well-publicized attack on Hacking Team that ended with more than 400 Gb of internal data uploaded to BitTorrent.<\/p>\n<p><strong>A\u00a0trove of \u201cimplants\u201d<\/strong><\/p>\n<p>These \u201cimplants\u201d are rather exemplary \u2013 and smartly crafted.<\/p>\n<p>For instance, implants developed for Android are capable of obtaining access to the messaging database used by WeChat, a mobile application for text message exchange. Actually, it doesn\u2019t matter what app is used for communications \u2013 once the mobile end point is infected, threat actors are able to read all messages sent and received by the victim. They just see what the user does.<\/p>\n<p>Implants for iOS are a different breed: Apple does a good job managing the safety of its devices. However, it\u2019s still not immune.<\/p>\n<p>\u201cThere are several infection vectors for these devices. 
Likewise, when high-profile targets are selected, threat actors behind these targeted attacks may apply infection techniques that use exploits whose costs are higher \u2013 hundreds of thousands of dollars \u2013 but highly effective, as well. When targets are of an average profile, less sophisticated, but equally effective infection techniques are used. For example, we would point to malware installations from a previously infected computer when a mobile device is connected through a USB port,\u201d Bestuzhev writes.<\/p>\n<p>Apparently if potential victims charge their devices via a USB cable connected to their laptop, \u201cthe pre-infected computer may force a complete Jailbreak on the device and, once the process is complete, the aforementioned implant is installed.\u201d<\/p>\n<p>Using the implant, attackers are able to gather enough data from the device to positively identify the owner (and to make sure that the right victim is hit). Interestingly, the implant is capable of recording audio from the microphone and enabling the front camera while suppressing the iOS camera sounds. This is done for eavesdropping on not just phone calls, but also offline conversations.<\/p>\n<p>Hacking Team also has implants for much less popular mobile operating systems \u2013 Blackberry and Windows Mobile. 
According to Bestuzhev, the Blackberry implant must have been developed by some third party developer group, which excels at making heavily obfuscated spyware specifically for this system.<\/p>\n<p>Implants for Windows Mobile have \u201cpractically limitless\u201d technical abilities, so that attackers can monitor next to everything on the smartphone.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5068\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/05\/06020500\/main2.jpg\" alt=\"main2\" width=\"1000\" height=\"667\"><\/p>\n<p><strong>Benefits are limitless too<\/strong><\/p>\n<p>The benefits of having an \u201cimplant\u201d on the victim\u2019s mobile devices are obvious for the cyberspies: they can hear everything their victim hears, sees, and says. Unfortunately, Hacking Team isn\u2019t the only developer of tools like those described above. And the Davos forum isn\u2019t the only assembly where cyberspies are expected to be very active: any large political or business event (even <a href=\"https:\/\/www.namm.org\/\" target=\"_blank\" rel=\"noopener nofollow\">NAMM<\/a>, perhaps? Why not?) bringing together the \u201ckeepers of the secrets\u201d may become a gold vein for cyberspies, hired or freelancing.<\/p>\n<p>How do you get\u00a0protected? 
The recommendations Bestuzhev offers in his article include the necessary use of VPN connections, the use of encryption and passwords, and, of course, never jailbreaking, as it makes any device wide open to attacks.<\/p>\n<p>The article itself is available <a href=\"https:\/\/securelist.com\/blog\/research\/73305\/targeted-mobile-implants-in-the-age-of-cyber-espionage\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There&#8217;s an expression that goes, &#8220;The walls have ears.&#8221; Well, today unfriendly &#8220;ears&#8221; are right in your pockets: spying software in mobile devices. <\/p>\n","protected":false},"author":209,"featured_media":15352,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[872,423],"class_list":{"0":"post-5065","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-cyberespionage","10":"tag-mobile-devices"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mobile-spies\/5065\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mobile-spies\/5065\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/mobile-spies\/6051\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/mobile-spies\/10301\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mobile-spies\/5065\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/cyberespionage\/","name":"cyberespionage"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/5065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post
"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=5065"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/5065\/revisions"}],"predecessor-version":[{"id":24618,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/5065\/revisions\/24618"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/15352"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=5065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=5065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=5065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}