Tools governments use to hack mobile phones
Security companies Kaspersky Lab in Russia and Citizen Lab in Canada have separately uncovered shocking information about a tool used by multiple governments to spy on ordinary citizens, and this tool might already be secretly installed on your phone.
Based on modules and user manuals taken from Italian surveillance company Hacking Team, Kaspersky and Citizen Lab found that around 60 governments are using a tool called Galileo to remotely access mobile phones and spy on the activities of their users.
Kaspersky revealed that there are around 350 command-and-control servers in more than 40 countries using Hacking Team’s tool. 64 of these are in America.
To understand what Hacking Team’s tool can do, Kaspersky and Citizen Lab reverse-engineered Hacking Team’s modules. This is what they found:
What are Hacking Team and Galileo?
Hacking Team is a provider of what it calls ‘offensive technology’ and is led by Alberto Ornaghi and Marco Valleri. Its Remote Control System surveillance tool, also known as Galileo or Da Vinci, was developed in 2001. The team has since collaborated with police to create more tools that intrude into communications devices like phones, desktop computers and laptops.
Galileo is Hacking Team’s tool that can target mobile phones. Galileo can be installed on Android, iOS, Windows Mobile and BlackBerry phones to record and steal data, including:
- Text messages
- Call history
- Address books
- Search history
- Keystrokes (passwords)
Hacking Team argued that their products are intended for lawful government use only and that they do not sell their products to countries blacklisted by the North Atlantic Treaty Organization (NATO). However, there have been reports about governments using Hacking Team’s tools to spy on political protesters, journalists and human rights advocates.
Some related issues include the malicious Qatif Today app linked to Saudi Arabia, a bogus file sent to citizen journalist group Mamfakinch in Morocco and a suspicious email to an American woman who voiced criticism against Turkey’s Gulen movement.
What they can do
There is more to Hacking Team’s tool than just getting information that is already saved on mobile phones. It can also hijack the phone and use it secretly to:
- Take screenshots
- Snap pictures
- Activate the microphone to record or eavesdrop on ambient conversations
- Monitor calls
- Monitor the user’s location through GPS
- Boost the user’s data charges and raise suspicion
Kaspersky researcher Sergey Golovanov commented: ‘Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target — which is much more powerful than traditional cloak and dagger operations.’
How they are installed on your phone
There are many ways that tools like Galileo can be installed on your device. These include:
- Physically installing them on the phone
- Connecting the phone to an infected computer or other device
- Creating links that, when clicked, automatically download the tool
- Through suspicious apps
So far, Kaspersky and Citizen Lab haven’t seen any instance of Galileo infecting mobile phones via opening a malicious website, although it is possible to do this.
How they avoid detection
What is dangerous about Galileo and similar sophisticated tools is that mobile phone owners may not know that their device has already been infected. This is because Galileo only activates when phones enter certain modes, such as connecting to a specific Wi-Fi network.
It also kicks in without the owner’s knowledge by showing fake screens while spying, or by using advanced techniques that avoid draining the battery and raising the owner’s suspicion. Kaspersky Global Research and Analysis Team Head Costin Raiu couldn’t help but comment: ‘I can’t remember having seen such advanced techniques in other mobile malware.’
Another way Galileo avoids detection is that it can go into ‘crisis’ or ‘wipe’ modes when it senses that detection activities are occurring. The tool can then automatically wipe itself from the phone. However, Citizen Lab said this response system is not perfect because it still leaves traces, such as an automatic restart on BlackBerry and permission to erase the application ‘DeviceInfo’ on Android.
The researchers said that it is important to know how Hacking Team’s tools and similar sophisticated ‘offensive’ tools work because they are a form of mobile phone malware that allows governments to target ordinary citizens.