Over the last year or so, SecureList has been looking into Hacking Team's products to suss out their capabilities. Recently, it's been focusing on the tool's mobile modules -- malware designed to monitor and log data from Android, iOS, Windows Mobile and BlackBerry devices. Since one of those platforms is a struggling brand and the other has already been replaced, the team focused on modules designed specifically for iOS and Android -- the analysis revealed a shockingly powerful surveillance system. Hacking Team's iOS product can take control of a handset's Wi-Fi and GPS units, record voice, log e-mail, SMS and MMS data, track web usage and call history, read data from the device's clipboard and notes, peek at calendar appointments, log keystrokes and even control and activate the microphone for covert eavesdropping.
These tools seem terrifyingly powerful, but don't panic just yet -- installing them on a device is no easy task. According to SecureList's investigation, the iOS modules will only function on jailbroken iPhones, and even then an attacker needs to have physical access to the device or remote administrator access to install the malware. Both iPhones and Android devices can be infected by connecting to a computer with Hacking Team's desktop software, but only if the device has been unlocked with a password. You aren't going to implant your device with tracking tools by simply browsing the web. Still, it's good to be aware that spying products like this exist.
Perhaps the strangest thing about Hacking Team is how it presents itself. The Italian company insists that its products are intended for legal surveillance only, such as by police officers who have a warrant for a suspect in custody. The company's website is clean and unsettlingly open about its product's capabilities. "Total control over your targets," it says. "Log everything you need." It's not hiding itself, and it openly admits that its products are intended for governmental bodies. Proving that your government is one of its customers is another matter, but SecureList's ping of countries using RCS servers fingers the United States as the firm's biggest customer. It's impossible to say for sure what the US-located RCS servers are being used for, but SecureList says that "several IPs were identified as 'government' related based on their WHOIS information and they provide a good indication of who owns them."
Is the government listening in on your water cooler talk? Probably not, but the tools for them to do so exist, and they're actively marketed to law enforcement. Regardless of how you feel about Edward Snowden, PRISM and government surveillance, it's clear that law agencies can do a lot more than simply collect call metadata. Hungry for more details? Check out the source links below for an in-depth look at the researchers' adventure into fingerprinting methods, servers and RCS configuration file code.