back to article FBI spooks use MALWARE to spy on suspects' Android mobes - report

The Federal Bureau of Investigation is using mobile malware to infect, and control, suspects' Android handsets, allowing it to record nearby sounds and copy data without physical access to the devices. That's according to "former officers" interviewed by the Wall Street Journal ahead of privacy advocate Christopher Soghoian's …

COMMENTS

This topic is closed for new posts.
  1. Steve Davies 3 Silver badge
    Childcatcher

    how long....

    Before the FEDS mandate that they must have this built into the Operating System on all Mobiles?

    Just like all US Phones MUST have GPS built in so that the phone's location can be tracked.

    That way they can spy on all of the people all of the time?

    Icon, that's why they will justify it. Everyone is a potential paedo until WE prove otherwise.

    1. Suburban Inmate

      Re: how long....

      I always assumed they have.

      "Better to have a tinfoil hat and not need it..." etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: how long....

        Glad I have a Windows Phone....I'm sure the NSA will get around to it, but t least it's apparently rather more secure than an Android....

        1. druck Silver badge
          Happy

          Re: how long....

          AC wrote: Glad I have a Windows Phone....

          Not glad enough to post without anonymity though.

        2. Dylan Fahey
          Black Helicopters

          Re: how long....

          That's funny, because the NSA has had the inside crypto scoop on windows for years. Your phone is no different. Stay away from heavy machinery and don't drive on any roads that I use, please.

    2. Robert Helpmann??
      Childcatcher

      Re: how long....

      Before the FEDS mandate that they must have this built into the Operating System on all Mobiles?

      Just like all US Phones MUST have GPS built in so that the phone's location can be tracked.

      I think that it would be extremely difficult to make a requirement like this stick as there are a number of ways to get around OS "issues." Your point is well taken, though, as I am sure it is on any number of agencies' wishlists. Also, the tracking function is not based on GPS, or not entirely, and can be disabled in a number of ways. This can cause issues with legitimate apps; doing so it can be a bit of a trade-off.

    3. Anonymous Coward
      Anonymous Coward

      Re: how long....

      > Just like all US Phones MUST have GPS built in so that the phone's location can be tracked.

      Gee, my LG GS170 doesn't have built-in GPS. Of course, they can locate you (somewhat less accurately) by cell tower data. But mostly not me, because the phone is turned off, most of the time. I turn it on if I want to make a call, or if I'm expecting one, but otherwise it's off. And the bonus is, I get great battery life!

      1. Anonymous Coward
        Anonymous Coward

        Re: how long....

        They can still remotely access a mobile that is turned off if the battery is still inside. Even before smartphones, it was possible to send a remote command to a powered off mobile to force it to sign on.

  2. Fink-Nottle

    Nothing new

    The UK were using cell phone mics to bug Kofi Annan in the run up to the Iraq war.

  3. Christoph

    Why isn't this malware detected by any of the standard scanners? Have they managed to avoid any copies being discovered, or have they forbidden the scanner companies to include a detection?

  4. Mephistro

    " It's not just for the bad guys"

    So others, aside from the FBI are using this kind of attack?

    ;-)

  5. William Boyle

    Battery usage

    So, if your mobe battery life has gone to crap, check for malware like this... :-)

  6. Don Jefe
    Unhappy

    Sell drugs, organize terror plots, sell guns, spread malware, steal cars

    That's the FBI at work. They are a prime example of how things have gone terribly pear shaped when law enforcement is above the law.

    Slow clap... Yay, I guess.

  7. Gil Grissum

    Hmmmm...

    No mention of the iPhone or Blackberry, so is it safe to assume that these platforms are not vulnerable to FBI Malware?

    1. Anonymous Coward
      Trollface

      Re: Hmmmm...

      @Gil Grissum - >"No mention of the iPhone or Blackberry, so is it safe to assume that these platforms are not vulnerable to FBI Malware?"

      Well, probably the FBI doesn't want to be bothered with phones that are so old and "uncool" that no self-respecting extremist would be caught dead with one.

      1. Adam Foxton
        Devil

        Re: Hmmmm...

        Not quite, but Blackberry and iPhone both run through a single supplier and are both pretty well tied-in to the US.

        It'd be a LOT easier to foster a relationship with Apple and RIM on this front than with HTC, Samsung AND Nokia- the major Android suppliers, none of whom are even based on the same landmass as the FBI- and would be far less risky than getting Google to build it into their base Android build (it's relatively-open-source so it could be found and exposed, or just expunged as 'malware').

        On a personal note, I'd just like to cry "Down With This Sort Of Thing!". As telecoms data is available from the infrastructure suppliers (who will also provide convenient wiretapping systems), and they apparently don't use this approach with those sufficiently tech-savvy to be encrypting data properly prior to transmission (or if they do it's just for the transmission, with the data stored unencrypted elsewhere), this is clearly just a way of circumventing the requirements for a wiretap warrant. If they wanted to capture data BEFORE it was transmitted over the internet (passwords etc), that'd be a much more reasonable use-case.

        I'd also like to ask why permission for the modification of a suspect's property- especially when this requires equipment that is otherwise very much illegal and may cause the suspect- is easier to come by than tapping into comms they're freely blasting out over a wire.

        1. Anonymous Coward
          Anonymous Coward

          Re: Hmmmm...

          "HTC, Samsung AND Nokia- the major Android suppliers"

          AFAIK Nokia don't and have never shipped an Android OS - they value security I guess.

    2. Philomena Cunk
      FAIL

      Re: Hmmmm...

      No, it' just the media have decided that posting about critical iOS flaws like the one linked below, are somehow not newsworthy, despite being 1000x more "real" than the Android nonsense that seems to be posted by security "experts" every other day.

      http://www.ibtimes.com/iphone-hack-researchers-find-new-vulnerabilities-apple-ios-devices-video-1370121?ft=pn476

    3. Dylan Fahey

      Re: Hmmmm...

      For the blackberry to be approved by military systems, NSA etc, needed access to confirm the system worked. Remember, the Blackberry had servers outside the U.S.A. There was no way the Blackberry was going to be approved without that inside access.

  8. This post has been deleted by its author

    1. Yet Another Anonymous coward Silver badge

      Re: "bad guys"?

      Remember their entire country was founded by a bunch of terrorists - so they don't want it happening again.

      Try throwing some tea into Boston harbo**U**r today and see how far you get

      1. Anonymous Coward
        Anonymous Coward

        Re: "bad guys"?

        "Remember their entire country was founded by a bunch of terrorists"

        You must be confusing the US with Israel?

  9. Anonymous Coward
    Anonymous Coward

    Such actions do require judicial oversight, but if one is recording activities rather than communications, the level of authorisation needed is much reduced. A US judge is apparently more likely to approve reaching out electronically into a suspect's hardware than a traditional wiretap, as the latter is considered a greater intrusion into their privacy.

    So they have to obtain judicial oversight.. which means they have to present reasonable grounds for suspicion and therefore interception to a independent body, who then gets the "yay" or nay" vote. Sounds OK to me, in fact I would expect such arrangements to be in place for all law enforcement intercepts. The problems start when some twat decides they won't bother with oversight or a need to provide reasonable grounds for intercepts... like FISA and the NSA.

    1. Charles-A Rovira
      Unhappy

      FISA and the entire DOJ are toothless pussycats.

      Oversight of any kind and openness would be a GOOD THING, even if it wouldn't stop or even slowdown the surveillance.

      It ain't gonna happen.

      The powers-that-be make too much money and have too much power from tapping everybody's communications.

  10. Anonymous Coward
    Anonymous Coward

    location, location, location

    Seems to me the Iphone probably has only 200+ NSA FBI holes left available.

    Their lovely USB hole is now being plugged, while Jobs got put in shock by the iPhone's lifetime tracking.

    Unlike IOS you can't so easily hide the malware on Android, so beam me up Scotty.

  11. John Smith 19 Gold badge
    Unhappy

    So it can't listen in on your calls, just the room sounds where you are. But it's not a wiretap.

    Oh really?

    I've been on cattle farms.

    I know BS when I smell it.

  12. Anonymous Coward
    Linux

    Federal mobile malware ..

    "The Federal Bureau of Investigation is using mobile malware to infect, and control, suspects' Android handsets, allowing it to record nearby sounds and copy data without physical access to the devices".

    How does this Federal mobile malware infect Android handsets?

    1. Don Jefe
      Facepalm

      Re: Federal mobile malware ..

      It's explained in the article...

    2. Anonymous Coward
      Anonymous Coward

      Re: Federal mobile malware ..

      "How does this Federal mobile malware infect Android handsets?"

      Presumably via one of the zillions of holes in the OS stack. Android is Linux based, so pretty much guaranteed to have a constant stream of vulnerabilities to attack. Previous Android holes have included features such as being able to be rooted just by visiting a website...

  13. Frances Banana
    WTF?

    "Guilty until proven innocent"

    Plenty of people were laughing at "Minority Report", everyone is talking about "1984 not being an instruction manual" - but what happens? The exact opposite.

    Technology that was supposed to make our life better is simply turning against us. It is almost like the technological progress is a large regression in the law & gov departments.

    Bootnote: this comment was sponsored by greed and letters F, B and I. Next episode will be sponsored by N, S and A. Hehe, provided you are still innocent my horse! :D

    Serious bootnote: we are building a medical research software suite that's supposed to be used by people - also on smartphones. I wonder when we are going to get a visit from "interesting people" with an offer "we can't refuse"...

  14. Nym

    Well, gee

    From personal experience I know that the Feds could do satellite tracking in 1978 ('twas a fine personal experience, me lads). Cell phones since they've come out have pretty well had GPS enabled for authorities' use (for emergencies mind). Gee, come to think of it, SO HAVE CARS. So, if you want none of your personal info broadcast...no car. No phone. And since things can be put in your clothing I presume on every surreptitious outing you buy a new outfit (with cash, stupid).

    The claims are not a joke. The insult is.

  15. streaky

    Sploit Sales..

    "The WSJ cites UK-based lawful spook spyware supplier Gamma International as selling such exploits to the Feds"

    Lawful? They're selling exploits to foreign governments, the list of laws that would be b0rken would border on the endless. If one of these was used to hit an EU citizen the fines against the country for not stopping it would be *massive*.

This topic is closed for new posts.

Other stories you might like