Posts Tagged android

Couple find “spy camera” hidden in clock at Airbnb flat


A couple claims to have discovered a secret camera hidden in a digital clock in the Airbnb flat they were renting.

By Zoe Drewett


Dougie Hamilton and his girlfriend say the camera – which was pointed towards their bed in the holiday apartment – was disguised as a clock but looked suspicious. The 34-year-old said he started investigating the clock after a day of exploring in Toronto, Canada.

He had recently watched a YouTube video on secret ‘spy’ cameras hidden in cuddly toys and buttons, Dougie said. But when he picked up the clock he managed to slide its face off quite easily and was horrified to find a tiny lens that may have been recording them.

On September 7, Dougie, from Glasgow, posted about his discovery on Facebook, writing: ‘If you use Airbnb, then you’ll definitely want to read this and possibly stop using them.’

He explained: We booked a one night stay in a lovely apartment in the center of Toronto last night (September 6). We had a crazy busy day around the city and finally were able to get to the Airbnb and relax or so we thought. I was laying on the couch and this digital clock is facing into the living area and open plan bedroom. Left with my thoughts, that video pops into my head, “imagine if it was the spy camera in the clock”.


After removing the clock’s charger and discovering a lithium battery in the back of the device, the front face of the clock came off and revealed the camera. The couple have since alerted Airbnb and police in Canada, who are both investigating. Speaking to the Daily Record, Dougie said: (Airbnb) told us the property owner has six other properties and hundreds of reviews, so it looks like we’ve been lucky. We were only in the place for 20 minutes when I noticed the clock. It was connected to a wire like a phone charger which wasn’t quite right. I felt a bit weird even thinking it and I kept telling myself not to be daft. But there was just something.


Dougie and his girlfriend – who asked not to be named – said they found the encounter ‘creepy’. A spokeswoman for Toronto police said: We received a call last Thursday regarding what appeared to be a video camera in a clock in an apartment. The investigation is continuing. Airbnb has also told Dougie its security team are looking into the claims and offered him a full refund. They said they would be canceling upcoming reservations for the owner’s properties, he added. A spokesperson for Airbnb said: We take privacy issues extremely seriously and have a zero tolerance policy for this behavior. We have removed the host from the platform while we investigate and are providing the guest with our full support.


Amazon Echo turned into snooping device by Chinese hackers


‘ALEXA, SNOOP ON MY WESTERN BUDDIES’ is potentially a command Chinese hackers barked at an Amazon Echo after they managed to turn it into a snooping device.

By Roland Moore-Colyer


Cybersecurity boffins from Chinese firm Tencent’s Blade security research team exploited various vulnerabilities they found in the Echo smart speaker to eventually coax it into becoming an eavesdropping device.

The hackers showed off the snooping speaker at the DefCon security conference, reported Wired, using it as a demonstration for the potential for smart home devices to be used for surveillance.

But before you boot your Echo or Google Home out of the nearest window, the hackers noted that getting into the Echo was hardly an easy process, and Amazon now has fixes for the security holes.

“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” a description of the hackers’ work, provided to Wired, explained.

“When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through the network to the attacker.”

The hackers first needed to create a spying-capable Echo, which involved a multi-step penetration technique with enough intricacies to get past the device’s built-in security. This included taking apart the Echo, removing its flash chip and writing custom firmware onto it before remounting the chip.

Once done, the Echo then had to be connected to the same network as a target Echo device. From there, the hackers could exploit a vulnerability in Amazon’s Whole Home Audio Daemon, which can communicate with other Echo devices on the network, and gain control over targeted Echo gadgets.

And, from there, they could then snoop on their victims and pass recordings back to the malicious Echo or pipe all manner of sound through the hijacked Echo.

The technique is hardly an easy or particularly remote way to hack an Echo, but it does conjure up some techniques spies could apply in surveillance operations, providing they have permission to sneak into a person’s house, or they could go rogue like Ethan Hunt does in pretty much every Mission Impossible flick.

The whole situation also highlights how security in such devices needs to be given as much attention as other smart features, as there’s already been a swathe of examples where lax security in smart or connected devices has led to hack attacks.


Stalker-assisting spy devices: Bugs & hacking software sold online for £20


USB charging cable with hidden eavesdropping GSM device (SIM card slot) ©Shapestones.

Technology has advanced so quickly that stalkers are now able to carry out digital surveillance on their targets – bugging their phones and accessing their locations with ease, victims’ groups warn.

Every day more and more people are engaging in stalking, using listening devices that cost as little as £20 ($28), some of which can easily be hidden inside plug adaptors.

Companies like Amazon and eBay are selling spy tools over the internet, with victims’ helplines announcing an increasing number of complaints as a result.

“[The devices] are really easy to get, they’re really easy to use,” said Clare Elcombe Webber, manager of the National Stalking Helpline, the Guardian reported. “I think for some stalkers it really legitimizes what they’re doing… The message it sends to victims is there are all these technological advancements that help your stalker, but not you.”

Cases include a woman who had a USB-like listening gadget placed in her handbag by her stalker. There are more and more cases of small digital devices being used to spy on people.

“We see this regularly… they put in listening devices or video devices in the house or tracking devices on the car and you can buy all of that on Amazon,” Chief Executive of Digital-Trust Jennifer Perry told the Guardian.

Another woman’s ex used a bug inside an extension lead. The former partner was then texting her details of the bedtime stories that she told her children.

Spyware and spying apps were also used in roughly 130 cases dealt with by the national helpline.

Shockingly, the camera of a laptop can be turned on by someone remotely using the software, while keystrokes can be traced to read conversations from the device. The purchase and installation of such devices is now illegal under the Computer Act of 1990.

“We had one client who went home, her laptop was on, she had a shower, she then got a message from her stalker saying ‘Did you have a nice shower?’” said Elcombe Webber. “It’s that kind of invasion and not knowing how that person is able to see you. Are they outside? Are they in the house? It’s really, really frightening.”

In the 11 months to November 2017, the National Stalking Helpline received 4,337 calls or emails. More than half of cases involved an ex-partner and 77 percent of the victims were female.

After the Guardian alerted eBay to the existence of the USB and plug listening devices, the items were removed from the site.

Source: RT News


New LTE attacks open users to eavesdropping, fake messages, location spoofing


A group of researchers has uncovered ten new attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.

The attacks exploit design flaws in the communications protocol and unsafe practices employed by the stakeholders and can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on SMS communications, and more.


The attacks


The researchers – Syed Rafiul Hussain, Shagufta Mehnaz and Elisa Bertino from Purdue University, and Omar Chowdhury from the University of Iowa – have employed a systematic model-based adversarial testing approach to expose the vulnerabilities in 4G LTE’s critical procedures (most notably attach, paging, and detach procedures).


Among the uncovered attacks they consider one particularly worrying: an authentication relay attack that allows an adversary to impersonate an existing user (mobile phone) without possessing any legitimate credentials.

“Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” they pointed out.

“Other notable attacks reported in this paper enable an adversary to obtain user’s coarse-grained location information and also mount denial of service (DoS) attacks. In particular, using LTEInspector, we obtained the intuition of an attack which enables an adversary to possibly hijack a cellular device’s paging channel with which it can not only stop notifications (e.g., call, SMS) to reach the device but also can inject fabricated messages resulting in multiple implications including energy depletion and activity profiling.”

To ensure that the attacks they found are realizable in practice and pose actual threats, they have validated eight of them through experimentation in a real-world scenario (a custom-built LTE network or commercial networks with a logical Faraday cage).

In the paper they explain how they set up:

• Malicious eNodeB base stations, by using a Universal Software-defined Radio Peripheral device and an open source LTE protocol stack implementation
• Malicious UEs (mobile phones)
• Victim UEs, and
• A low-cost, real-time LTE channel decoder.

The highest amount spent on a particular setup was $3900, and that’s within reach for many adversaries.


Defenses against the attacks


There are possible defenses against these attacks, but the researchers refrained from offering any ideas.

“We deliberately do not discuss defenses for the observed attacks as retrospectively adding security into an existing protocol without breaking backward compatibility often yields band-aid-like-solutions which do not hold up under extreme scrutiny,” they noted.

“It is also not clear, especially, for the authentication relay attack whether a defense exists that does not require major infrastructural or protocol overhaul. A possibility is to employ a distance-bounding protocol; realization of such protocol is, however, rare in practice.”

4G LTE is set to be supplanted by 5G technology, but a complete switch won’t happen for many years. These vulnerabilities can become a big problem in the interim.

Source: HelpNetSecurity


This smartphone cuts off your camera and microphone so no spy agencies can watch you

• Cybersecurity firm DarkMatter has unveiled its first smartphone
• Katim is designed to stop spy agencies listening to you
• It is an Android smartphone with a 5.2-inch display and strong encryption
• One security feature called “shield mode” disconnects power from the microphone and camera on the device, so nobody can spy on your conversations

Cybersecurity firm DarkMatter has launched its first smartphone, designed to stop spy agencies listening to you.

An Android device called Katim, it was made available commercially Monday at Mobile World Congress in Barcelona, Spain, and has a 5.2-inch display, as well as a high level of encryption.

DarkMatter unveiled the phone concept last year but has now brought it to market.

One security feature built by the Middle East-based firm is called “shield mode,” which disconnects power from the microphone and camera on the device so that nobody can spy on your conversations.

“If you are to enter a secure meeting or a very confidential meeting as a business, you are striking a secret deal, or as a government having a secret meeting in that regard… you always tend to find people leaving their phone outside the meeting,” Faisal Al Bannai, CEO of DarkMatter, told CNBC in an interview Tuesday.

“It’s because you can’t trust that no one, no super agencies are able to turn on that mic while you are sitting in the room.”

Al Bannai said the company has built the Katim smartphone from the “ground up” with security.

Shield mode is activated by flicking a button on the side of the device; the CEO said this makes it more secure.

“This button will physically disconnect the power from the mic and camera, which means unless that super agency has a way of physically shifting that button back, there is no way that mic is turning on and listening to what you’re saying,” Al Bannai said.

Privacy and spying via devices was thrust into the spotlight in 2016 when a photo emerged showing that Facebook CEO Mark Zuckerberg tapes up the webcam of his laptop.

DarkMatter is not the only provider of security-focused devices. On Tuesday, cybersecurity firm Sikur announced what it claims is a hack-proof smartphone designed to store cryptocurrencies securely. And at Mobile World Congress, Chinese electronics maker Huawei unveiled a new laptop called the MateBook X Pro that has a camera hidden in the keyboard.

Al Bannai also revealed that 2017 revenue hit $400 million, up from $200 million the year before.

Arjun Kharpal

Source: CNBC


China’s ZTE says is trusted partner after U.S. concern


BEIJING (Reuters) – Chinese telecoms equipment group ZTE Corp hit back on Thursday against concerns from U.S. lawmakers that it is a vehicle for Chinese espionage, saying it was a trusted partner of its U.S. customers, state news agency Xinhua reported.

China is trying to gain access to sensitive U.S. technologies and intellectual properties through telecommunications companies, academia and joint business ventures, U.S. senators and spy chiefs warned on Tuesday.

Republican Senator Richard Burr, chairman of the Senate Intelligence Committee, said he was concerned about the ties to the Chinese government of Chinese telecoms companies like Huawei Technologies Co Ltd and ZTE.

“ZTE is proud of the innovation and security of our products in the U.S. market,” Xinhua cited a ZTE spokesman as saying.

The company takes cybersecurity and privacy seriously, has always adhered to laws and remains a trusted partner of U.S. suppliers and customers, the company added.

“As a publicly traded company, we are committed to adhering to all applicable laws and regulations of the United States, work with carriers to pass strict testing protocols, and adhere to the highest business standards,” it said.

Last week, Republican Senator Tom Cotton and Republican Senator Marco Rubio introduced legislation that would block the U.S. government from buying or leasing telecoms equipment from Huawei or ZTE, citing concern the companies would use their access to spy on U.S. officials.

In 2012, Huawei and ZTE were the subject of a U.S. investigation into whether their equipment provided an opportunity for foreign espionage and threatened critical U.S. infrastructure – something they have consistently denied.

Allegations of hacking and internet spying have long strained relations between China and the United States. In 2014 then FBI Director James Comey said Chinese hacking likely cost the U.S. economy billions of dollars every year.

China has strongly denied all U.S. accusations of hacking attacks.

Reporting by Ben Blanchard; Editing by Stephen Coates

Source: Reuters


U.S. senators concerned about Chinese access to intellectual property


WASHINGTON (Reuters) – China is trying to gain access to sensitive U.S. technologies and intellectual properties through telecommunications companies, academia and joint business ventures, U.S. senators and spy chiefs warned on Tuesday at a Senate hearing.

Republican Senator Richard Burr, chairman of the Senate Intelligence Committee, said he worried about the spread in the United States of what he called “counterintelligence and information security risks that come prepackaged with the goods and services of certain overseas vendors.”

“The focus of my concern today is China, and specifically Chinese telecoms (companies) like Huawei (Technologies Co Ltd [HWT.UL]) and ZTE Corp, that are widely understood to have extraordinary ties to the Chinese government,” Burr said.

Chinese firms have come under greater scrutiny in the United States in recent years over fears they may be conduits for spying, something they have consistently denied.

A Huawei spokesman said the company is aware of “U.S. government activities seemingly aimed at inhibiting Huawei’s business in the U.S. market.” He also said the firm is trusted by governments and customers in 170 countries and poses no greater cyber security risk than other vendors.

ZTE officials did not immediately respond to a request for comment.

Burr said he worried that foreign commercial investment and acquisitions might jeopardize sensitive technologies and that U.S. academic research and laboratories may be at risk of infiltration by China’s spies.

Several of the U.S. spy agency chiefs who testified at the committee’s annual worldwide threats hearing cited concerns raised by what they called China’s “all of society” approach toward gaining access to technology and intellectual property.

“The reality is that the Chinese have turned more and more to more creative avenues using non-traditional collectors,” said FBI Director Christopher Wray in response to a question about student spies.

Senator Mark Warner, the committee’s Democratic vice chairman, said he worried about commercialization of surveillance technologies as well as the close relationship between the Chinese government and companies.

“Some of these Chinese tech companies may not even have to acquire an American company before they become pervasive in our markets,” Warner said.

Wray said the United States needed a more “strategic perspective on China’s efforts to use acquisitions and other types of business ventures.”


Under questioning from Republican Senator Tom Cotton, none of the intelligence officials said they would use a Huawei or ZTE product.

Last week, Cotton and Republican Senator Marco Rubio introduced legislation that would block the government from buying or leasing telecoms equipment from Huawei or ZTE, citing concern the companies would use their access to spy on U.S. officials.

In 2012, Huawei and ZTE were the subject of a U.S. investigation into whether their equipment provided an opportunity for foreign espionage and threatened critical U.S. infrastructure – something they have consistently denied.

“Chinese cyber espionage and cyber attack capabilities will continue to support China’s national security and economic priorities,” said Dan Coats, the director of national intelligence.

Speaking in Beijing, Chinese Foreign Ministry spokesman Geng Shuang said the United States was the world’s most powerful country.

“If even the United States thinks it is surrounded by threats, what should other countries do?” Geng told reporters.

“I don’t know where the United States’ sense of insecurity comes from. But I want to emphasize that in this world there is no such thing as absolute security. One country’s security can’t be put before another country’s security.”

Reporting by Patricia Zengerle and Doina Chiacu; Additional reporting by Michael Martina in BEIJING; Editing by Frances Kerry, Rosalba O’Brien, Susan Thomas & Simon Cameron-Moore

Source: Reuters


Lebanese security agency turns smartphone into selfie spycam: researchers


FRANKFURT (Reuters) – Lebanon’s intelligence service may have turned the smartphones of thousands of targeted individuals into cyber-spying machines in one of the first known examples of large-scale state hacking of phones rather than computers, researchers say.

Lebanon’s General Directorate of General Security (GDGS) has run more than 10 campaigns since at least 2012 aimed mainly at Android phone users in at least 21 countries, according to a report by mobile security firm Lookout and digital rights group Electronic Frontier Foundation (EFF).

The cyber attacks, which seized control of Android smartphones, allowed the hackers to turn them into victim-monitoring devices and steal any data from them undetected, the researchers said on Thursday. No evidence was found that Apple (AAPL.O) phone users were targeted, something that may simply reflect the popularity of Android in the Middle East.

The state-backed hackers, dubbed “Dark Caracal” by the report’s authors – after a wild cat native to the Middle East – used phishing attacks and other tricks to lure victims into downloading fake versions of encrypted messaging apps, giving the attackers full control over the devices of unwitting users.

Michael Flossman, the group’s lead security researcher, told Reuters that EFF and Lookout took advantage of the Lebanon cyber spying group’s failure to secure their own command and control servers, creating an opening to connect them back to the GDGS.

“Looking at the servers, who had registered it when, in conjunction with being able to identify the stolen content of victims: That gave us a pretty good indication of how long they had been operating,” Flossman said in a phone interview.

Dark Caracal has focused their attacks on government officials, military targets, utilities, financial institutions, manufacturing companies, and defense contractors, according to the report.

The researchers found technical evidence linking servers used to control the attacks to a GDGS office in Beirut by locating wi-fi networks and internet protocol addresses in or near the building. They cannot say for sure whether the evidence proves GDGS is responsible or is the work of a rogue employee.

The malware, once installed, could do things like remotely take photos with the front or back camera and silently activate the phone’s microphone to record conversations, researchers said.

Responding to a question from Reuters about the claims made in the report, Major General Abbas Ibrahim, director general of GDGS, said he wanted to see the report before commenting on its contents. He added: “General Security does not have these type of capabilities. We wish we had these capabilities.”

Ibrahim was speaking ahead of the report’s publication.

Source: Reuters


Android security: This newly discovered snooping tool has remarkable spying abilities


The mobile malware can steal WhatsApp messages, eavesdrop on targets based on GPS coordinates, and more.


A newly-uncovered form of Android spyware is one of the most advanced targeted surveillance tools ever seen on mobile devices, coming equipped with spying features never previously seen active in the wild.

Named Skygofree by researchers because the word was used in one of its domains, the multistage malware is designed for surveillance and puts the device in full remote control of the attackers, enabling them to perform advanced attacks including location-based sound recording, stealing communications including WhatsApp messages, and connecting to compromised networks controlled by the malware operators.

Researchers at Kaspersky Lab say those behind the spyware have been active since 2014 and are targeting select individuals — all in Italy. Those behind the mobile surveillance tool are also thought to be based in Italy.

“Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions,” said Alexey Firsh, malware analyst in targeted attacks research at Kaspersky Lab.

The malware was uncovered during a review of suspicious file feeds, with its capabilities uncovered after analysing the code.

Still thought to be receiving updates from its authors, Skygofree offers attackers 48 different commands, allowing them flexibility to access almost all services and information on the infected device.

That includes the ability to secretly use the device’s microphone to eavesdrop on the user and their surroundings when they enter a specified location — a surveillance feature which has never previously been seen in the wild.

Other previously unseen features bundled with Skygofree are the ability to use Accessibility Services to steal WhatsApp messages of victims and an ability to connect an infected device to wi-fi networks controlled by the attackers.

The malware is also equipped with all the features and root access privileges usually associated with trojan spyware, including capturing photos and videos, seizing call records and text messages, as well as monitoring the user’s location via GPS, their calendar, and any information stored on the device.

If the user has chosen to run battery-saving measures, Skygofree is able to add itself to the list of ‘protected apps’ in order to ensure it can carry on its malicious activity, even when the screen is off or the phone isn’t active.

It remains unclear if those targeted by Skygofree have anything in common outside of being based in Italy, but research suggests that those infected with the Android malware have been compromised after visiting fake websites which mimic those of leading mobile operators.

While researchers still don’t know how the victims are lured onto these malicious sites, once there, they’re asked to update or configure their device, allowing the malware to be dropped in the process.

Most attacks appear to have taken place in 2015, but there’s evidence that Skygofree is still active with evidence of attacks as recently as 31 October 2017. The attackers have gone out of their way to ensure that Skygofree remained under the radar without being detected.

“High-end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion,” said Firsh.

In addition to actively infecting Android devices, the attackers also appear to have an interest in Windows systems: researchers uncovered recently-developed modules to target the platform.

However, given the treasure trove of information a mobile device can provide to attackers, it’s no surprise that those behind Skygofree put their main focus on Android — especially given the chance it offers to track a user’s movement and therefore activate attacks based on location.

“Mobile spyware is becoming more effective than PC variants, because victims keep their mobile phone close by them at all times, and such implants can exfiltrate a large amount of sensitive information,” Vicente Diaz, deputy head of the global research and analysis team at Kaspersky Lab, told ZDNet. “Some of the never before seen-in-the-wild features of Skygofree are remarkable in their capability.”

In order to protect against falling for these sorts of targeted cyber-attacks, mobile users are encouraged to use a security tool to help protect their device and to exercise caution when they receive emails from people or organisations they don’t know, or with unexpected requests or attachments.

By Danny Palmer

Source: ZDNet
