Increasingly sophisticated forms of spyware and malware can turn smartphone microphones and cameras into listening and spying devices, putting sensitive conversations and visual details at risk.
Companies supplying these technologies are the Israeli NSO Group, Italian Hacking Team, U.K.-based Gamma Group,
Dozens upon dozens of spyware firms offer a range of smartphone surveillance, from video and audio recording to location and text monitoring, including regimes with dubious human rights records.
Privacy is really Priceless: Do you need ultra-secure Anti Surveillance communications (voice calls & text messaging) with untraceable file transfers & anonymous file storage solutions?
DigitalBank Vault provides military-grade encryption devices that are immune to all the above-mentioned spyware technologies.
Particularly troubling for civil society is the legal uncertainty of these spyware tools. While security researchers like Citizen Lab keep uncovering instances of abuses, and lawyers of the targeted individual take the fight to courts, federal contracts for the sale and deployment of such mobile spyware tools continue with little to no oversight. The industry is a veritable wild west of cyberweaponry, with no sheriffs to protect anyone with a smartphone.
Ultra-secure data storage and advanced encryption devices are at the core of all that we do at DigitalBank.
We are a cybersecurity company providing sophisticated encryption devices and systems for the communication and data storage industries, securing total privacy.
For more information: https://www.digitalbank.capital/
Karsten Nohl, a cryptographer and managing director at Security Research Labs, says that there are two dimensions to lawful intercept tools: is the smartphone an iPhone or not, and does the exploit require “help” from the phone’s user. Some exploits require users to do something like install a security update—despite warnings—that downloads malware onto their device. Nohl says the simplest exploits are those for Android phones, and that the preferred exploits work over the internet, while others only work in Wi-Fi range. Nohl says that NSO Group can hack most versions of the iPhone and many Android phones, and that this usually happens remotely.
“The most difficult would be a remote exploit of an iPhone, and, as far as I can tell, most of the time NSO Group has a monopoly on this,” says Nohl. “There is nobody else who can promise continuous access to iPhone without help from users.”
Still, when it comes to matters of surveillance, whether state or corporate, we very often don’t know what we don’t know.
Nohl says an iPhone exploit will set a customer back millions of dollars. An Android exploit, on the other hand, costs only hundreds of thousands of dollars. The iPhone ecosystem is clean, with only one software for a number of devices, which creates highly specialized exploit research and development, hence the high market prices. The Android ecosystem is much more fragmented, requiring less effort to design exploits for various vendors and phones, but requiring more work to maintain the exploits over time.
Apple has declined to comment publicly on the capabilities of NSO or other spyware makers. In 2016, after an investigation by Citizen Lab into Pegasus prompted Apple to release a security patch for iPhones, the company neither specified the reason or the culprit nor did it contact human rights groups. That year, Google and cybersecurity company Lookout said they found traces of NSO spyware on “a few dozen” smartphones in 11 countries, predominantly in Israel, Mexico, Georgia, and Turkey.
There are cheaper options. Rather than attacking phones, Nohl says most spyware vendors offer SS7 spying, which takes advantage of vulnerabilities in the mobile network. SS7, or Signaling System No. 7, is a protocol that allows various phone networks to communicate with one another. When an exploit gives hackers access to SS7, they can capture smartphone user information like voice calls, text messages, location information, and other data. “Of course, your iPhone can be strong as you want security-wise, but if the mobile network leaks information, that’s outside the control of the phone and Apple. Companies like Circles are very actively promoting that they can track the location of a phone through SS7.”
SS7 exploits, Nohl notes, will set customers back on the order of tens of thousands of dollars. He assumes every spyware maker has access to SS7 networks. But Nohl says Android exploits are growing more sophisticated and new competitors are entering the market, putting these tools in the hands of growing numbers of customers.
Ability, a Tel Aviv-based spyware firm, sells something called the Unlimited Interception System (ULIN), which, along with a tactical cellular interception system called IBIS (In-Between Interception System) allows Ability to intercept GSM, UMTS, LTE, AND CDMA networks to spy on a target’s smartphone. Mexico spent $42 million on ULIN and other tools in 2016, but Ability has also had customers in China, Singapore, Myanmar, the Czech Republic, Germany, and other countries. The company website states its customers include security and intelligence agencies, military forces, law enforcement, and homeland security agencies in over 50 countries.
While its fortunes have faded recently—last year it settled a lawsuit with investors for misleading financials—Ability is still actively developing new exploits, according to Forbes.