Surveillance leak shows spyware loves Android, but can't infect Apple's iPhones without jailbreak

Posted:
in iPhone edited August 2014
Secret documents that anonymously leaked from global surveillance firm Gamma Group detail broad powers to spy on Android users via its FinSpy tool sold to law enforcement, but note that the tools lack the ability to infect iPhones unless they have been jailbroken.

FinSpy Mobile


One of the leaked documents described FinSpy Mobile as being "designed to help Law Enforcement and Intelligence Agencies to remotely monitor mobile phones and tablet devices and get full access to:

"Communication: Calls, SMS, MMS and more; Stored Data: Address Book from Phone and SIM; Surveillance Devices: Make silent Calls to remotely listen to the Microphone; and Location: Trace device and monitor locations."

The regularly updated software tool supports all releases of Android, devices running BlackBerry OS prior to the newest BB10, Symbian and Windows Mobile phones, but notes that in order to spy on an iPhone, the user must jailbreak their device, a step that disables Apple's security.

FinSpy Mobile


A report by the Washington Post noted that the tool is "capable of listening to calls on targeted devices, stealing contacts, activating the microphone, tracking your location and more. But for FinSpy to hack into an iPhone, its owner must have already stripped away much of its built-in security through a process called 'jailbreaking.'"

The site stated, "This is good news for people with iPhones, and perhaps for Apple as well," but added that "it's ironic" that "a different mobile operating system - Google's Android - has emerged as the global standard," noting of Android phones that "they're cheaper. But, it's increasingly clear, they are more vulnerable to the Gammas of the world, and from the police and intelligence services that use their tools."

The Surveillance Gap

The Post described the security chasm between Android and iOS as a "growing 'Surveillance Gap,'" stating, "Some civil libertarians have begun pointing out that the people on the safer side of that gap - with stronger protections against the potential for government abuse - are the relatively affluent people who already favor Apple products.

Twitter heat map


"Those willing to pay a premium for an iPhone or iPad, perhaps for their design elegance or ease of use, are also getting disk encryption by default, an instant messaging system that resists eavesdropping and an operating system that even powerful surveillance companies have trouble cracking."

The paper observed that "most shoppers likely think little about security when choosing their consumer electronics. Yet the consequences can be serious if a government anywhere in the world decides to target you with FinSpy, or if a police officer or border patrol agent attempts to browse through your smartphone -- or worse still, copy its entire contents for later examination."

Android is the favored platform of Al-Qaeda, making it obvious why government surveillance teams seek to target the platform. However, the ease in exploiting Android is also directly related to severe security lapses Google has made in designing its mobile platform.

Maintained by Google primarily a way to display its ads, Android is distributed via an "open" community alliance of competing hardware makers and mobile carriers that makes patching major problems across the Android installed base extremely challenging--and impossible for the hundreds of millions of Android users who don't access Google Play.

Spyware on Macs

The Post also noted that "just because Gamma Group has trouble getting FinSpy onto iPhones doesn't mean they are impregnable. Other surveillance companies may have better intrusion technology. Or an intelligence service could hack into the computer that syncs up with an iPhone."

Gamma also licenses its desktop spyware, which can target both Macs and Windows PCs, although other leaked documents show that its desktop software is limited to exploiting OS X via modules that spy on the shell, install a keylogger, share the screen or webcam or exploit Microsoft's Skype.

Under Microsoft's Windows, the company's software advertises broad powers to access, change or delete files, and supplies modules that handle forensic tools, keyloggers, and use the microphone, printer, scheduler, Skype, screen and webcam as well as VoIP.

FinSpy PC


The software is also regularly updated to avoid detection by malware scanners including Microsoft Security Essentials and Avast AntiVirus, as noted by NetworkWorld.

The leaked details were provided via a spoof account on Twitter sarcastically identifying itself as @GammaGroupPR. The leaked documents have been archived by privacy advocates including Wikileaks and German site netzpolitik.org.
«13

Comments

  • Reply 1 of 43
    maestro64maestro64 Posts: 5,043member
    There has been software like this for corporation to install on company provided cell phones. This software is loaded to enforce company policies such as not installing software which is not approved or allows they to remotely managed the device or lock or wipes it content. Another feature is they can see everything you doing with the phone. If Apple is making big inroads in the Corp America you can bet Apple has similar management tools for Corp IT to manage and control the phone.You just can not install it will out something knowing you did it.

    This is why I love the program Little snitch on the Mac, it tells me what each and every program is doing when it comes to network activities. I wish they would come up with something similar for the iphones.
  • Reply 2 of 43
    Open OS is so much better and years ahead¡
  • Reply 3 of 43
    No, say it ain't so. Windows gets all of the attacks and Mac only gets 4 of them? Android gets all possible attacks and only a few jailbroke iPhones are possible to attack?

    But, but, but . . . Windows and Android are the best because of . . . market share and stuff like that, right? . . . and business needs machines that are protected by tons of malware and virus protection, right? Why don't Apple users buy all that malware and spyware and virus protection software and pay for all those constant definition updates?
  • Reply 4 of 43
    One of the leaked <a href="https://netzpolitik.org/wp-upload/Release-Notes-FinSpy-Mobile-4.51.pdf">documents</a> described FinSpy Mobile as being "designed to help Law Enforcement and Intelligence Agencies to remotely monitor mobile phones and tablet devices and get full access to:

    "<b>Communication</b>: Calls, SMS, MMS and more; <b>Stored Data</b>: Address Book from Phone and SIM; <b>Surveillance Devices</b>: Make silent Calls to remotely listen to the Microphone; and <b>Location</b>: Trace device and monitor locations."

    Twenty-
    Eight
    Percent
    Less
    Crime.

    ctOS
  • Reply 5 of 43
    tastowetastowe Posts: 108member
    No, say it ain't so. Windows gets all of the attacks and Mac only gets 4 of them? Android gets all possible attacks and only a few jailbroke iPhones are possible to attack?

    But, but, but . . . Windows and Android are the best because of . . . market share and stuff like that, right? . . . and business needs machines that are protected by tons of malware and virus protection, right? Why don't Apple users buy all that malware and spyware and virus protection software and pay for all those constant definition updates?
    You are total worse windows and android fanboy. The mircosoft is slobber job to write the windows software. So I am very mad at mircosoft because their software are slob and not work right. So I did swear and yell at my windows computer. I never to buy android smartphones because the google is slobbest job to write android software.
  • Reply 6 of 43
    I imagine Apple][ is going to have a field day with this one. If memory serves, hasn't he always maintained (correct if wrong) that "Android Users=poor" and that "Apple Users=Wealth"? This article would seem to bear that out seeing as the article states that most Android users "think little about security" and only factor in price.
  • Reply 7 of 43
    Dan_DilgerDan_Dilger Posts: 1,583member
    Quote:

    Originally Posted by Maestro64 View Post



    There has been software like this for corporation to install on company provided cell phones. This software is loaded to enforce company policies such as not installing software which is not approved or allows they to remotely managed the device or lock or wipes it content. Another feature is they can see everything you doing with the phone. If Apple is making big inroads in the Corp America you can bet Apple has similar management tools for Corp IT to manage and control the phone.You just can not install it will out something knowing you did it.



    This is why I love the program Little snitch on the Mac, it tells me what each and every program is doing when it comes to network activities. I wish they would come up with something similar for the iphones.

     

    Mobile Device Management (MDM) is used to install policy and centrally manage devices like PCs and mobile devices, but has little in common with surveillance software designed to let agencies spy on individuals without those users being aware that they are being spied upon.

     

    MDM typically does not "spy" on users in the way these surveillance tools are designed to, and most companies have policies that make it clear when a managed device is being watched or monitored. 

     

    Also, while iOS works with a variety of MDM vendors, including IBM, Good, etc. Android is (ironically) difficult to manage because its so fragmented.

     

    So Android is easy for spooks to spy upon, but difficult for corporations to manage. And iOS is the opposite.

  • Reply 8 of 43

    Android is awesome!  (For Google.  Not for you.)

  • Reply 9 of 43
    dasanman69dasanman69 Posts: 13,002member
    Seeing BB on that list makes me doubt the validity of the claim.
  • Reply 10 of 43
    rob53rob53 Posts: 3,241member
    Quote:

    Originally Posted by dasanman69 View Post



    Seeing BB on that list makes me doubt the validity of the claim.

    Why? They say it doesn't work on the latest version. FinSpy is for law enforcement and it wouldn't surprise me if the NSA uses it all the time as well. Government BB BES servers probably installed it as part of the government installation to make sure they could track them wherever they went. Their inclusion doesn't surprise me one bit. What surprises me a lot is that they haven't been able to get their software through the Apple App Store using a free game or something. If they haven't, I see this as a real plus for the App Store's legitimate attempt to make sure malware and improper software doesn't reach customer.

     

    As for jailbroken iPhones, that's what people get when they break a perfectly functioning phone; maybe not to everyone's liking but it does work securely.

  • Reply 11 of 43
    dasanman69dasanman69 Posts: 13,002member
    rob53 wrote: »
    Why? They say it doesn't work on the latest version. FinSpy is for law enforcement and it wouldn't surprise me if the NSA uses it all the time as well. Government BB BES servers probably installed it as part of the government installation to make sure they could track them wherever they went. Their inclusion doesn't surprise me one bit. What surprises me a lot is that they haven't been able to get their software through the Apple App Store using a free game or something. If they haven't, I see this as a real plus for the App Store's legitimate attempt to make sure malware and improper software doesn't reach customer.

    As for jailbroken iPhones, that's what people get when they break a perfectly functioning phone; maybe not to everyone's liking but it does work securely.

    There was a highly publicized tug of war between India and BB a few years ago in which India insisted BB install a 'backdoor' so that the Indian government could spy on its citizens.

    http://betanews.com/2010/08/03/rim-no-back-door-into-encrypted-blackberry-messages-for-any-government/
  • Reply 12 of 43
    How terrible for Apple to cut the malware authors out of their ever growing profit stream. Surely Google, Microsoft and Samsung should take them to court for restriction of trade on behalf of their silent business partners!
  • Reply 13 of 43
    fracfrac Posts: 480member
    Going by this:
    http://en.wikipedia.org/w/index.php?title=FinFisher
    ...you'd be forgiven for thinking the opposite were true :\
    Some selective editing by Gary 2 days ago?
  • Reply 14 of 43

    "[Android is] Maintained by Google primarily a way to display its ads", which by definition means that Android itself is really just malware.

  • Reply 15 of 43
    dasanman69dasanman69 Posts: 13,002member
    "[Android is] <a href="http://appleinsider.com/articles/14/02/27/apple-touts-secure-design-of-ios-as-google-chief-admits-android-is-best-target-for-malicious-hackers" style="border-style:none;" target="_blank">Maintained</a>
     by Google primarily a way to display its ads", which b<span style="line-height:1.4em;">y definition means that Android itself is really just malware.</span>

    How are these ads shown?
  • Reply 16 of 43
    apple ][apple ][ Posts: 9,233member
    Quote:
    Originally Posted by Lord Amhran View Post



    I imagine Apple][ is going to have a field day with this one. If memory serves, hasn't he always maintained (correct if wrong) that "Android Users=poor" and that "Apple Users=Wealth"? This article would seem to bear that out seeing as the article states that most Android users "think little about security" and only factor in price.

     

    It's not so much that Apple users = wealth, because let's face it, being able to afford an iPhone doesn't exactly require enormous wealth, and there are hundreds of millions of Apple users out there. I do believe that Apple users in general are more intelligent and creative, since they don't skimp out on such essential purchases like phones and other devices, and they are willing to pay for awesome quality. Apple users also have more important assets to protect as they care more about security than Android users. To an Android user, a 99 cent app is outrageously priced, and they will have to think for a whole week before spending such a vast sum of money.

     

    But, it certainly means that Android users in general are cheap as hell. The main concern for many of them is simply price. A hundred dollars to an Android user is a major financial investment, and they are willing to risk everything just to save a buck or two. I also maintain that Android users have less things of importance to protect, so perhaps security isn't that big of a deal to a person who has little of value to secure. Would it make sense for a homeless person to buy an expensive lock for their cardboard box?

     

    And lastly, Android users in general are extremely ignorant in addition to being cheap. I read an article the other day about how the vast majority of US customers buy their phones in a store, and the vast majority of phones pushed on ignorant people by scummy salespeople are Samsung phones.

  • Reply 17 of 43
    dasanman69dasanman69 Posts: 13,002member
    apple ][ wrote: »
    It's not so much that Apple users = wealth, because let's face it, being able to afford an iPhone doesn't exactly require enormous wealth, and there are hundreds of millions of Apple users out there. I do believe that Apple users in general are more intelligent and creative, since they don't skimp out on such essential purchases like phones and other devices, and they are willing to pay for awesome quality. Apple users also have more important assets to protect as they care more about security than Android users. To an Android user, a 99 cent app is outrageously priced, and they will have to think a whole week before spending such a vast sum of money.

    But, it certainly means that Android users in general are cheap as hell. The main concern for many of them is simply price. A hundred dollars to an Android user is a major financial investment, and they are willing to risk everything just to save a buck or two. I also maintain that Android users have less things of importance to protect, so perhaps security isn't that big of a deal to a person who has little of value to secure. Would it make sense for a homeless person to buy an expensive lock for their cardboard box?

    And lastly, Android users in general are extremely ignorant in addition to being cheap. I read an article the other day about how the vast majority of US customers buy their phones in a store, and the vast majority of phones pushed on ignorant people by scummy salespeople are Samsung phones.

    At the height of Win XPs popularity what was its market share? Over 90%? I'm sure plenty or users with lots to protect used XP which was a malware magnet. Did all those people lose what they had to protect? Was there a world financial collapse because hackers robbed everyone? No. So if it didn't happen back then it's not going to happen now.
  • Reply 18 of 43
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by dasanman69 View Post



    At the height of Win XPs popularity what was its market share? Over 90%? I'm sure plenty or users with lots to protect used XP which was a malware magnet. Did all those people lose what they had to protect? Was there a world financial collapse because hackers robbed everyone? No. So if it didn't happen back then it's not going to happen now.

     

    Windows has always been widely used, both in home and business use. I don't touch Windows machines, but I assume that they ran plenty of anti-virus programs. 

     

    Android hasn't exactly been embraced by business and no, I definitely don't believe that there would be any world wide financial collapse if every single Android phone in the world got hacked, because that brings me back to the point that I made in my prior post, there is very little to protect.

     

    Most people with money and resources shun Android, this includes big business and most savvy consumers. Android's high marketshare is mostly due to poor people, especially people in third world countries who probably don't even own a pair of shoes. What do they have to lose? I wonder what percentage of Android users do not even have a bank account? 

     

    I would never hire anybody who showed up for a job interview with an Android phone. That would tell me all that I need to know about that individual, and it would be foolish to hire any potential walking security risks, not to mention a person with extremely bad taste who displays disturbing traits of cheapness.

  • Reply 19 of 43
    tundraboytundraboy Posts: 1,884member

    Ha ha, the developers of FinSpy say their product is for 'law enforcement and intelligence agencies'.  I suppose it's bad business practice to say  totalitarian, authoritarian, and human rights-abusing countries.

  • Reply 20 of 43
    singularitysingularity Posts: 1,328member
    Ah all is well with the world apple][ has entered the thread with his usual bigoted tirade.
    The company I work for has had no issues using Apple devices or Android devices on its corporate network etc. Though strangely they don't support Windows Phone.
Sign In or Register to comment.