,

Potential Flood of Malware Infection Used For Surveillance Of Smartphones Expected, Said Experts

Governments now have an easier way to track their citizens’ movements by using a commercial program intentionally designed to track movements of terrorists and criminals. According to a study conducted by University of Toronto, a cyber-espionage software can target cell phones and other mobile computing devices.

The researchers, led by John Scott-Railton, a doctoral student have found out that the program can take over smart phones and other mobile computing gadgets. Users of targeted devices will not know that their phones can transform into a spy gadget, potentially revealing personal information. Microphones can be turned on remotely, passing on conversations to interested parties.

“People are walking around with tools for surveillance in their pockets,” said Scott-Railton. He is the founder of The Voices Feeds group that assisted demonstrators and activists bypass Internet blockages while the Arab Spring was at its height.

The study identified several malware for Android, BlackBerry, iOS, Symbian, and Windows Mobile platforms.

The Bahraini government was said to have used a copy of FinFisher Mobile spyware to quell demonstrators and spy on activists last May. The software was created by a U.K.-based Gamma Group.

A copy of the software is now in public domain according to Dennis Portney, chief of Security Forensics, Inc. based in Chicago.

“The worst part of this story is that it was a legitimate organization that developed this application and the same organization, which is harming the public at large,” he said.

Experts are concerned that the software will be replicated and developed by more maligned groups creating more harm than good.

Director of Canada Centre for Global Security Studies and the Citizen Lab, Ron Deibert, confirmed that surveillance applications are being sold by several private companies at a profit in an ever-growing cyber spying arms race. He said that there is no clear regulation how to control such products from falling into the wrong hands, or being used by oppressive governments to stop dissidents.

FinFisher spyware has been discovered on public servers on five continents, which means that mobile devices of pro-democracy activists are being targeted or compromised.

Gamma Group failed to comment on the issue but acknowledged that it created the spyware toolkit. It also denied selling its product to Bahrain although it hinted that a demonstration copy had been probably stolen or copied by criminals. It further mentioned that its client base has never been compromised and that it sells only to governments.

FinFisher Mobile spyware can be downloaded via an email link. Once embedded to a device, the malware can grab pictures of a computer screen, listen to Skype calls, log keystrokes, and activate voices recorders, GPS tracking and web cameras. The said application can steal information from a hard drive and go through filters of dozens of antivirus systems.

The spyware first got the attention of security experts last March after protesters in Egypt ransacked the country’s security headquarters and discovered an offer to buy the application for 387,000 euros.

Rapid7, a Boston-based security company, warned that corporate IT sections should monitor and check their systems for signs of  communication with command and control computers running the malware.

source: metronews