Spyware Demo Shows how Spies Hack Mobiles

Uploaded on 2015-08-07 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW

_84665771_rcs1.jpg

The tool can record audio from a phone's microphone, even when the device is locked

Intelligence agencies' secretive techniques for spying on mobile phones are seldom made public, but a UK security firm has shown the BBC how one tool, sold around the world to spooks, actually works.

It allows spies to take secret pictures with a phone's camera and record conversations with the microphone, without the phone owner knowing.

Hacking Team's software was recently stolen from the company by hackers and published on the web. When Joe Greenwood, of cybersecurity firm 4Armed, saw that source code for the programme had been dumped online by hackers, he couldn't resist experimenting with it. Although he had to fiddle with the code to make it work, it only took a day before he had it up and running.

The software consists of the surveillance console, which displays data retrieved from a hacked device, and malware planted on the target device itself. 4Armed was careful to note that using it to spy on someone without their consent would be against the law.

After testing the software on his own PC, Mr Greenwood soon realised the scope of its capabilities. "You can download files, record microphones, webcam images, websites visited, see what programmes are running, intercept Skype calls," he told the BBC.

The software even has some in-built features to track Bitcoin payments, which can be difficult to associate with individuals without additional data about when and how transactions were performed.

In a live demonstration of the system, Mr Greenwood showed how an infected phone could be made to record audio from the microphone, even when the device was locked, and use the phone's camera without its owner knowing.

"We can actually take photos without them realising. So the camera in the background is running, taking photos every number of seconds," explained Mr Greenwood.

It was also possible to listen in on phone calls, access the list of contacts stored on the device and track what websites the phone user was visiting.
 
The tool can record audio from a phone's microphone, even when the device is locked

Both Mr Greenwood and 4Armed's technical director, Marc Wickenden, said they were surprised by the sleekness of the interface.

Both point out, though, that customers could be paying upwards of £1m for the software and would expect it to be user-friendly, especially if it was intended for use by law enforcers on the beat.

For the tracked user, though, there are very few ways of finding out that they are being watched. One red flag, according to Mr Greenwood, is a sudden spike in network data usage, indicating that information is being sent somewhere in the background. Experienced spies, however, would be careful to minimise this in order to remain incognito.

At present, spy software like this is only likely to be secretly deployed on the phones and computers of people who are key targets for an intelligence agency.

The version of the spyware distributed online is now likely to be more easily detected by anti-virus programs because companies analysing the source code are in the process of updating their systems to recognise it.
Security expert Graham Cluley said it should be as easy to detect as malware.

"The danger will be that malicious hackers could take that code and augment it or change it so it no longer looks like Hacking Team's versions, which might avoid detection," he added. The best course of action, said Mr Cluley, is to keep operating systems and software as up to date as possible.
BBC: http://bbc.in/1MMT96S

« Cyber Wars Are Good For Tech Businesses
Internet of Things Unlocks Revenue Opportunities »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

Logz.io

Logz.io

Logz.io is an AI-powered log analysis platform that offers the open source ELK Stack as a enterprise-grade cloud service with machine learning technology.

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

Fair Isaac Corporation (FICO)

Fair Isaac Corporation (FICO)

FICO provides analytics software and tools used across multiple industries to manage risk, fight fraud, optimize operations and meet strict government regulations.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

Gutsy

Gutsy

Gutsy uses process mining to help organizations visualize and analyze their complex security processes to understand how they actually run, based on observable event data.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.