An hostile ear in your pocket: how cyberspies may use your smartphone

There’s an expression that goes, “The walls have ears.” Well, today unfriendly “ears” are right in your pockets: spying software in mobile devices.

The World Economic Forum in Davos starts today. It’s a gathering of the creme de la creme in the world of business and politics. Certainly, a lot of extremely important information will be exchanged. And it is highly likely that there will be elevated espionage activity, too. There’s an expression that goes, “The walls have ears.” Well, today unfriendly “ears” are right in your pockets: spying software in mobile devices. That’s the topic of a new great article published by Securelist.

Author Dmitry Bestuzhev explores a number of so-called “mobile implants” – spying software being “smuggled” into mobile devices so attackers can access the data stored within, as well as eavesdrop on all communications.

Where spies are expected

Mass-produced electronic spyware has become widely known by the public, so communication providers, businesses and cyber-savvy individuals started using data encryption to keep prying eyes and ears away. Some even go as far as to switch from e-mail to more secure solutions such as mobile messaging applications with end-to-end encryption, timed deletion, and no server storage.

The attackers then have just one possibility: to get a grip on the communication devices themselves – i.e. smartphones. That’s where “implants” come in.

In his article, Bestuzhev describes implants capable of infecting mobile devices running on iOS (Apple), Android, Blackberry, and Windows Mobile. Developed by notorious Italian spyware maker Hacking Team, these implants have become public after a very sound and well-publicized attack on Hacking Team ending up with more than 400 Gb of internal data uploaded to BitTorrent.

A trove of “implants”

These “implants” are rather exemplary – and smartly crafted.

For instance, implants developed for Android are capable of obtaining access to the messaging database used by WeChat, a mobile application for text message exchange. Actually, it doesn’t matter what app is used for communications – once the mobile end point is infected, threat actors are able to read all messages sent and received by the victim. They just see what the user does.

Implants for iOS is a different breed: Apple does a good job managing the safety of its devices. However, it’s still not immune.

“There are several infection vectors for these devices. Likewise, when high-profile targets are selected, threat actors behind these targeted attacks may apply infection techniques that use exploits whose costs are higher?hundreds of thousands of dollars?but highly effective, as well. When targets are of an average profile, less sophisticated, but equally effective infection techniques are used. For example, we would point to malware installations from a previously infected computer when a mobile device is connected through a USB port,” Bestuzhev writes.

Apparently if potential victims charge their devices via a USB cable connected to their laptop, “the pre-infected computer may force a complete Jailbreak on the device and, once the process is complete, the aforementioned implant is installed.”

Using the implant, attackers are capable to gather enough data from the device to positively identify the owner (and to make sure that the right victim is hit). Interestingly, the implant is capable of recording audio from the microphone and enable front camera while suppressing the iOS camera sounds. This is done for eavesdropping on not just phone calls, but also offline conversations.

Hacking Team also has implants for much less popular mobile OS – Blackberry and Windows Mobile. According to Bestuzhev, the Blackberry implant must have been developed by some third party developer group, which excels at making heavily obfuscated spyware specifically for this system.

Implants for Windows Mobile have “practically limitless” technical abilities, so that attackers can monitor next to everything on the smartphone.


Benefits are limitless too

The benefits of having an “implant” on the victim’s mobile devices are obvious for the cyberspies: they can hear everything their victim hears, sees, and says. Unfortunately, Hacking Team isn’t the only developer of tools like those described above. And Davos forum isn’t the only assembly where cyberspies are expected to be very active: any large political or business event (Even NAMM, perhaps? Why not?) bringing together the “keepers of the secrets” may become a gold vein for cyberspies, hired or freelancing.

How do you get protected? Among the recommendations Bestuzhev offers in his article there are the necessary use of VPN connections, using encryption and passwords, and, of course, never using Jailbreaking, as it is makes any device wide open to attacks.

The article itself is available here.