back to article You dirty RAT! Hong Kong protesters infected by iOS, Android spyware

Hong Kong activists who have taken to the streets to demand electoral freedom are being targeted by mobile spyware – an Android and iOS remote-access Trojan to be precise. Israeli security firm Lacoon Mobile Security spotted the Xsser mRAT spyware being distributed under the guise of an app to help coordinate the Occupy …

  1. Longrod_von_Hugendong
    Unhappy

    I am reminded of the saying...

    it is dangerous to be right in matters about which the established authorities are wrong.

    and I think its very true!!

  2. Mike Bell

    One more reason (amongst very many) why I would not choose to Jailbreak an iPhone.

    1. Tsiklon

      i do believe that the user must be enticed to install the application, i would hope that if you've gone to the trouble of jailbreaking your device you would be intelligent enough to vet the software you install to the device, using only the default repositories which are known good. but yes people are idiots.

      1. BitDr

        Rooting != Intelligent_User

        The average user, having seen some neat things that can be done with a rooted device, only needs to know someone who can root their device for them. They were probably cautioned at the time it was done, but all they heard was "blah-blah-blah be careful yadda yadda" .

    2. JCitizen
      Coffee/keyboard

      All your devices are belong to us!!

      Honestly - does anyone here seriously think the PRC doesn't have back doors and/or circuit hijinks built right into the chip technology? A friend of mine (who shall remain anonymous) caught such a design at a lab in Malaysia of a die destined for China, when he/she started asking questions they hurried my friend out of the lab right straight away! How can any of us honestly confirm there isn't a Chinese ghost in the machine of any device sold all over the world - Chinese chips are everywhere! Is our governments actually checking on any of this? I doubt they even check devices made for critical departments of the Armed Forces!!

  3. Paratrooping Parrot

    I suppose that for Android, you should only accept apps from certain places and not anywhere. Although what really annoys me is the number of applications that need a whole load of permissions where there is absolutely no need.

    I mean, the permission list on Facebook's Messenger makes it too dangerous to trust. :(

    1. BitDr

      Loads of Permissions

      Agreed, too many apps want access to everything on your device, those do not get installed on mine. A really good example is my bank's app. It wants access to everything but I can use their web-site without that kind of privacy invasion.

    2. mrmond

      Although the permissions in that app are the ones needed to make it do what it says in the features list.

      Not exactly hidden or underhand.

    3. ProperDave

      I like it when the authors of Android Apps display the reasons behind permission requests. It's gotten somewhat easier through the different versions too as the permissions have been broken down into more granular categories.

      That being said, there's currently 46 apps on my phone needing manual updates, and I've chosen to ignore them for the past 6 months as they all want new permissions which I don't think they deserve.

      1. Steve Evans

        @ProperDave

        I'm so glad I'm not the only one!

        Even when I transfer to new devices, I use APKsend to retain the old "none invasive" version of several apps... Although when it came to Facebook, and their habit of "forcing" you to update the mobile app, I ditched it completely and just use m.facebook.com instead... I suspect that might be a bit longer lived given it's the access method for feature phones... How long it'll be before I have to hide the fact my phone is a fire-breathing smart phone from the user-agent string is unknown.

  4. William Donelson

    ONLY to iOS if you stupidly Jail Break your phone.

    Apple has a walled garden that includes 100% of the 10,000 things I want to do with my phone, MUCH safer than Android.

    And for those who DO jailbreak, what's to say the Chinese government hackers don't know that and entice and disguise the trojans etc? The articles I have read say their malware is disguised well, as coordinating apps for the protests.

    I am sure they are very very clever in attacking Jail-broken iPhones and swiss-cheese Android.

    1. DougS Silver badge

      Since the government has full control of the internet, DNS, etc. as well as the ability to fake certificates it would easily be within their means to perform a MITM attack when Android owners connect to the Google Play store. Or, even easier, perform this attack (possibly via a complete takeover) using one of the Chinese app stores that people in China have come to trust. The idea that Android users in Hong Kong are safe if they avoid downloading apps from dodgy sources is a bit naive.

      A device that's only capable of running signed apps may be limiting in some ways, but it prevents a lot of mischief that a state actor that possesses total control over the internet might possibly accomplish to get malware onto your phone.

      1. Anonymous Coward
        Anonymous Coward

        that's fascinating: how are they faking the certificates? my understanding is that a mitm could replace an ssl cert with their own, but the forged replacement cert won't be considered safe by browsers unless it's signed by one of the certificate authorities.

        1. Matt Piechota

          "that's fascinating: how are they faking the certificates? my understanding is that a mitm could replace an ssl cert with their own, but the forged replacement cert won't be considered safe by browsers unless it's signed by one of the certificate authorities."

          Perhaps mandate that all phones by default trust a certain CA that they control. Have you vetted the CA list on your phone? I know I haven't. And since I just did, "Japanese Government" is one of the CAs on my Galaxy Nexus. And there's dozens more that I'd be hard-pressed to vet based on contact info. Hell, there may well be "internal" CAs that aren't on that list too.

        2. DougS Silver badge

          @AC faking certificates

          There are Chinese root CAs, like CNNIC. You don't think the government could order them "sign this certificate for google.com"? There's also HongKong Post, which they might be able to use similar arm-twisting with.

          As for Hong Kong not being behind the Great Firewall, it doesn't have to be for China to have control over its internet. They just have to maintain control of the routers for traffic entering/leaving the country, which you'd have to be naive to think they don't have.

          If by some chance they don't have such control now, you can bet they will make sure they do in the near future.

          1. razorfishsl

            Re: @AC faking certificates

            Yep it is why pre 97 the trunk routers were moved from HK to Singapore, because people did not want a master trunk running via a communist controlled country.

      2. Allan George Dyer Silver badge

        "Since the government has full control of the internet, DNS, etc."

        Hong Kong is outside the Great Firewall. One Country, Two Systems (well, for the moment, anyway)

        1. razorfishsl

          I don't think it is……

          I've been playing about and in the last few months, a cloudflare system seems to have been 'inserted' into the traffic, every so often you can get it to trigger an error condition then it kicks you over to a 'dummy' site does not exist let us make a suggestion for you via this HK based service.

          But so far it does not seem to be site specific and it's usually early Sunday mornings.

    2. Anonymous Coward
      Anonymous Coward

      If case you are not trolling...

      ...don't forget, they charge you a hefty fees to trim the leaves around that walled garden!

  5. RyokuMas Silver badge
    Stop

    Still don't get it...

    I still don't understand why anyone would need to jailbreak a phone - unless they are a developer, or trying to avoid paying for stuff...

    1. Thomas 6

      Re: Still don't get it...

      Because not everybody is happy being told what they can and can't do with the device that they have purchased.

      This applies to Apple mostly but I rooted my Android phone mainly to get rid of all the crap, e.g. Facebook.

      1. Captain Queeg

        Re: Still don't get it...

        Because not everybody is happy being told what they can and can't do with the device that they have purchased.

        Fair enough and it's a very valid point, but that doesn't answer the question posed of why anyone would *need* to. Prefer to, maybe, but regardless of any distinction between IOS or Android, the basic point is play with fire for whatever reason and you have to accept you may just get brunt.

        1. Anonymous Coward
          Anonymous Coward

          Re: Still don't get it...

          Captain Queeg: "Fair enough and it's a very valid point, but that doesn't answer the question posed of why anyone would *need* to. Prefer to, maybe, but regardless of any distinction between IOS or Android, the basic point is play with fire for whatever reason and you have to accept you may just get brunt."

          Apparently you didn't think back far enough, because Apple has already decided what YOU need or don't need. As for the jailbreakers, not so much. Are you still seeking enlightenment?

          Also, you're entire response is ambiguous, for your response could of very well have already been sent from an iPhone customer to Apple inc. on why Apple inc. must control the iPhone.

          1. Anonymous Coward
            Anonymous Coward

            Re: Still don't get it...

            "Apparently you didn't think back far enough, because Apple has already decided what YOU need or don't need. As for the jailbreakers, not so much. Are you still seeking enlightenment?"

            It's called security. Apps are limited so they can't mess up your phone or access your private information, either via malice or incompetence.

            Personally I'm thankful for it and wouldn't have it any other way. If that means my copy of Flappy Bird can't change my Tinder profile, or whatever dumb thing you want your phone to be able to do that iOS doesn't allow, that's fine with me.

        2. BitDr

          Re: Still don't get it...

          OK, someone who does not want to have their device controlled by the manufacturer NEEDS to root it. But you're talking about preference, so you prefer to be controlled and in the walled garden. Fine. However to your point of defining need as opposed to preference, lets say you have a nexus one, it's getting low on RAM, everything you have installed on it are tools you use daily. Wait a minute, there's YouTube sucking up a few MB, and FaceBook standing guard over another few MB. They can't be moved to the SD memory and you can use the websites... no app needed... but they also can't be uninstalled! Hmmm, you can't afford a new phone, but you heard a buddy talking about how he rooted his phone and installed some neat apps; he also said something about "freeing up memory". So you get in touch with him and root your phone to eliminate the craplettes. Now you have more memory and don't need to find a few hundred [insert your currency here] for a new device, or get locked into a contract by getting a "free" upgrade.

          There.. a case where someone could NEED to root their phone. That their privacy is enhanced is a side benefit.

          1. Anonymous Coward
            Anonymous Coward

            Re: Still don't get it...

            "OK, someone who does not want to have their device controlled by the manufacturer NEEDS to root it."

            Again, you say "manufacturer control," I say feature.

            The discussion was about Apple exerting control and you gave me some nonsense example about Google/Android. And why would you need to delete apps to free up RAM? Doesn't Android automatically kill apps and services as necessary to free up RAM? And why wouldn't you be able to delete FaceBook and YouTube anyway? The Nexus One is upgradeable to Gingerbread and I just checked and Gingerbread doesn't come with either of those apps, so you'd have to download them, so why wouldn't you be able to delete them? I have no idea what you're on about.

    2. stevehn

      Re: Still don't get it...

      I did it to remove all the bloated wares. I don't need bloated ware to use up my resources and bandwidth.

  6. Lars Silver badge
    Joke

    Perhaps

    It's smarter to stick to a dumb phone.

  7. Graham Marsden
    Thumb Down

    "The Android version requested access to the full suite of permissions"

    Yet another argument for why we, as users, should get control over what an App can actually access and use, rather than "If you want to use this App, you *have* to give it all these permissions, take it or leave it".

    1. Anonymous Coward
      Anonymous Coward

      Re: "The Android version requested access to the full suite of permissions"

      Yes, the fact you just can't decline selective permissions is completely wrong. I'm sure it has to do with marketing, but I'd love to "see" if how many apps can run without all these permissions that state otherwise. Of course a day will come when we can decline selective permissions, and each app developer will state defensively that "Google made us", however, there are far too many apps that have proven that defense for each app developers pockets choices...false.

  8. Privacy is dead
    Happy

    It's all about money fools!

    Jailbreaking an iOS device "removes all the iOS built-in security mechanisms, ultimately allowing a user or an attacker to install further apps not under the control and scrutiny of Apple. This means that apps can be installed from any app marketplace--not just from Apple's proprietary app store." writes Ohad Bobrov, vice president of research and development at Israeli security firm Lacoon Mobile Security.

    The answer [to jailbreaking] that Cook and his team came up with: There weren't enough applications being developed for specific "professions" — apps targeted solely for airline [hijackers] or bank [hackers] or pharmaceutical [junkies]. "This is a way to enrich peoples' lives in a big way," Cook said, "to change the way people [protest]."

  9. Allan George Dyer Silver badge

    Call yourself a Newspaper?

    So you missed the original Android RAT story two weeks ago, and try to catch the wave of HK news interest with this corporate publicity piece? Shame!

    You've got no excuse, I emailed you the tip 2 weeks ago:

    Fake Occupy Central app targets activists’ smartphones

    http://www.scmp.com/news/hong-kong/article/1594667/fake-occupy-central-app-targets-activists-smartphones

    Analysis fake-code4hk-app

    https://github.com/matthewrudy/fake-code4hk-app

    My own comment at that time is here:

    http://articles.yuikee.com.hk/newsletter/2014/09/c.html

    Shame! I want a 50% discount on my subscription - AT LEAST!!!

  10. Anonymous Coward
    Anonymous Coward

    Oops

    "The iOS version could only infect jailbroken iOS products which were as a result not bound by Apple's stricter application security requirements that banned third-party installation."

    Kind of buried the lead there didn't you?

  11. Anonymous Coward
    Anonymous Coward

    iOS app installation vs. security

    This story makes it sound like the only security on an iPhone is that Apple controls which apps can be installed.

    Not true at all. iOS has a comprehensive sandboxing system so that even if you were able to install malware on a non-jailbroken iOS device, it wouldn't be able to access location or contact information without the user giving it explicit permission via pop-up dialog box, and it wouldn't be able to access any user names or passwords at all.

    So even if some malware got past Apple's App Store review process, which is entirely possible, it doesn't really matter. This peace of mind is very nice.

  12. Alan Denman

    Apple is Alcohol free

    yes, there are some advantages in permanently wearing diapers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020