Published on June 25th, 2014 📆 | 8598 Views ⚑0
Researchers Find and Decode the Spy Tools Governments Use to Hijack SmartPhones
The malware, dubbed as Remote Control System (RCS), also known as Da Vinci and Galileo, is developed by an Italian company known as Hacking Team, available for desktop computers, laptops, and mobile devices. The latest version of the malware works for all phone including Android, iOS, Windows Mobile, Symbian and BlackBerry devices, but best on Android devices, and can also be installed on jailbroken iOS devices. But even if the targeted iOS device is not jailbroken, the malware uses the famous Evasi0n jailbreaking tool to install the malware easily.
Kaspersky Lab researchers have used a fingerprinting method to scan the entire IPv4 space and to identify the IP addresses of RCS Command & Control servers around the world and found the biggest host in United States with 64 counts of C&C servers. Next on the list was Kazakhstan with 49, Ecuador has 35, UK which hosts 32 control systems and many other countries with a grand total of 326 Command & Control servers.
“The presence of these servers in a given country doesn’t mean to say they are used by that particular country’s law enforcement agencies,” said Sergey Golovanov, principal security researcher at Kaspersky Lab. “However, it makes sense for the users of RCS to deploy C&Cs in locations they control – where there are minimal risks of cross-border legal issues or server seizures.”
RCS can be physically implanted on the victim’s device through a USB or SD card, and remotely it can be installed through spear phishing, exploit kits, drive-by downloads or network traffic injection.
- control phone network
- steal data from their device
- record voice E-mail
- intercept SMS and MMS messages
- obtain call history
- report on their location
- use the device’s microphone in real time
- intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more.
“Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target—which is much more powerful than traditional cloak and dagger operations,” Golovanov wrote.