Government App Spying Targets Android Smartphones


Alvin Bryan

Alvin Bryan is a freelance writer and online privacy enthusiast currently contributing quality tips and troubleshooting on personal VPN services, and online privacy and security news. You can also find him on Google+.

Governments have been equipped with app spying malware for years. Recently a sly and powerful Android spyware program was discovered. Citizen Lab uncovered this app spying program created by Hacking Team. It is a trojan injected into legitimate apps that gives its operators root control over infected devices.

Android App Spying Discovered

Citizen Lab of the University of Toronto focuses on monitoring government surveillance activities. They discovered a fake version of the Arabic news and information app Qatif Today that carries a trojan. They analyzed the app and found that it was created by Hacking Team. Hacking Team is a for-profit group that engineers spyware and sells it to rich governments. Hacking Team has raised app spying to a new level with their crafty malware. It can fully open an Android device to remote spying and is virtually undetectable to users.

Hacking Team designs spyware for governments under its “lawful intercept” program. This malware is of the same type used by the NSA to monitor criminal suspects. But it can also easily be used to monitor any Android user without just cause or due process. Hacking Team is not concerned with the legality of app spying. They merely produce a product in demand by governments around the world. The Trojan found in the fake version of Qatif Today is called an Android implant. It hides inside an app that is offered on third-party sites and sources. The APK is designed to not raise eyebrows. It even carries a digital certificate to fool users. This level of app spying can be easily abused.

Android Spying with Root Access

As soon as a user installs the infected app, spying begins with a connection to command and control (C&C) servers. This is basically the same system that sophisticated hackers use. Citizen Lab identified the server addresses as 91.109.17.189 and 106.186.17.60. These IPs have also been linked to other Hacking Team operations. The app spying implant then bypasses the Android sandbox to get root access. It uses the Framaroot vulnerability in the Samsung Exynos chipset of devices running Android version 4.
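A defender can turn the two C&C addresses above into a retrospective check over network flow records. The following is an added example, not part of the original article or of Citizen Lab's report; the log format, internal device addresses and timestamps are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# C&C addresses attributed to Hacking Team in the article above.
C2_ADDRESSES = {ipaddress.ip_address(a) for a in ("91.109.17.189", "106.186.17.60")}

# Constructed sample flow log (assumed format): time src dst dst_port bytes_out
SAMPLE_LOG = """\
2014-06-24T08:01:12Z 10.0.0.23 198.51.100.7 443 1820
2014-06-24T08:01:40Z 10.0.0.23 91.109.17.189 80 512
2014-06-24T08:03:05Z 10.0.0.41 ::ffff:106.186.17.60 443 20480
2014-06-24T08:09:59Z 10.0.0.23 91.109.17.189 80 7340
2014-06-24T08:10:02Z 10.0.0.57 191.109.17.189 80 300
2014-06-24T08:10:30Z 10.0.0.57 not-an-address 80 300
truncated-record
"""

def normalize(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    ip = ipaddress.ip_address(addr)
    return getattr(ip, "ipv4_mapped", None) or ip

def find_c2_contacts(log_text):
    """Summarise, per source device, the flows whose destination is a C&C address."""
    hits = defaultdict(lambda: {"flows": 0, "bytes_out": 0, "first": None,
                                "last": None, "dsts": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed record
        ts, src, dst, _port, size = parts
        try:
            dst_ip, size = normalize(dst), int(size)
        except ValueError:
            continue  # unparsable address or byte count
        if dst_ip not in C2_ADDRESSES:
            continue  # exact address match, so 191.109.17.189 is not a hit
        h = hits[src]
        h["flows"] += 1
        h["bytes_out"] += size
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["dsts"].add(str(dst_ip))
    return dict(hits)

if __name__ == "__main__":
    for device, info in sorted(find_c2_contacts(SAMPLE_LOG).items()):
        print(device, info)
```

Parsing the addresses instead of substring-matching avoids false hits on look-alike addresses and still catches destinations that dual-stack loggers record in IPv4-mapped IPv6 form.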

With root access, the app spying trojan is free to access anything on the Android device. It first goes after any data that is filed by various apps on the device. For most users, this includes messaging apps like Viber, social media apps like Facebook, and VoIP apps like Skype. The app spying trojan then goes for audio, video and image files. It can control these apps as well, including turning on the device microphone. It can also log keystrokes and use a crisis module to prevent analysis of its activities. Other modules allow the app spying trojan to take screenshots, and to track and record locations and browsing activities. The app spying trojan sends all this data to the C&C servers.

Many other app spying malware programs are capable of doing much of the above. But the app spying trojan found by Citizen Lab is more sophisticated. It has filtering capabilities to collect text and email messages within a designated date range. The app spying trojan also knows when the device connects to WiFi hotspots and carrier networks. And it can control bandwidth and the type of connections used.

Government App Spying by Remote

The sophisticated app spying program developed by Hacking Team comes along with a remote control system. This system employs administrators, analysts and technicians to organize the data that is sucked out of the device. The applicable data is then delivered to clients. One of the first steps is to request the specific application that the client wants to use. Hacking Team then melts the Android implant with the app.

Apart from the standard mobile installation or installation via portable disk, the app spying implant can accomplish a lot. It can create QR codes and U3 USBs that infect devices automatically. It can inject malicious traffic on the network to deliver the spyware, via LAN, WiFi or ISP. Documents can also be used to infect mobiles and desktops. ISO images for bootable disks can also be provided for infecting devices even when they are offline or turned off. Silent installers for desktop and WAP push messages for mobile are also available.

Hacking Team has made app spying very convenient for its clients. They can access filtered data from the devices they have infected in a single click. And they can toggle the tracking of different functions like browsing, contacts and calendar on and off from a dashboard. For advanced app spying, the system can tell the spyware to activate different functions in a predetermined sequence. This way, the client can tell the trojan what to activate when the device does something.
