Spies are increasingly hacking into the smart phones of political opponents and dissidents around the world, security researchers say, giving them access to data far more sensitive than what most people keep on personal computers.
Mobile-security firm Lookout Inc. counted 22 phone-hacking efforts in the first five months of this year that appeared to be government-backed. Most targeted political opponents in developing nations, Lookout said. The company’s researchers identified just two such efforts in all of 2015.
The increase is being driven by the proliferation both of low-cost smartphones and of companies selling spyware and hacking tools to access them, said Claudio Guarnieri, a security researcher with the human-rights group Amnesty International. Most hacking efforts now target mobile phones, Mr. Guarnieri said, while in 2015 the majority still involved personal computers.
“It is one thing to compromise someone’s computer,” said Mike Murray, Lookout’s vice president of security research. “It’s another thing to have a listening device that they carry around with them 24 hours a day,”
The government-sponsored surveillance of mobile phones comes as more hackers of all stripes gain access to the devices. Turned against their owners, the phones can become powerful espionage tools, researchers say. Spies can monitor a user’s contacts, communications, travel history and even their financial transactions.
The trend pits outfits that craft spyware tools against the cybersecurity companies and device makers trying to defend user privacy. Apple Inc. and Alphabet Inc.’s Google both say they are committed to keeping their devices secure. But researchers say malicious software often exploits known bugs on phones that haven’t been patched and hackers also sneak malicious software into app stores. Antivirus vendors such as McAfee Inc. and Symantec Inc. see mobile-device protection as an important market for future sales.
Victims are often tricked into downloading “Trojan horse” software that masquerades as a different program—a videoconferencing or security app, for example. The software is often built by contractors or freelance developers who sell it to government clients. “There are nation states who don’t have the capability, who are outsourcing and are purchasing tools,” Mr. Samani said.
Lookout recently discovered an effort to surveil about 100 civilians and government officials in Pakistan, Afghanistan, India and other countries, Mr. Murray said. Lookout believes the espionage campaign was orchestrated by a spy agency that outsourced software development work to coders who charged about $50 an hour to develop a spyware tool.
Some attacks use techniques more sophisticated than malware. IPhone security flaws were exploited in a 2016 cyberattack against a human-rights activist in the United Arab Emirates. U.A.E. officials have declined to comment on the incident. Apple Inc. has fixed the flaws.
The software used in that attack was built by the Israel-based company NSO Group Technologies Ltd, whose tools have also been used on anticorruption activists in Mexico, according to Citizen Lab, a digital-threat research group at the University of Toronto.
A spokesman for NSO Group declined to comment. In 2016, NSO Group said products are only sold to governments for the “prevention and investigation of crimes.” Last week, The Wall Street Journal reported cyberintelligence vendor Verint Systems Inc. was in talks to buy NSO Group for about $1 billion.
In November, McAfee discovered a mobile-phone campaign launched by the Lazarus group, a hacking operation the U.S. and security experts say is backed by North Korea. McAfee believes it was the group’s first campaign against mobile devices.
The campaigns are more commonly mounted by repressive regimes against dissidents in their own country. Encrypted communications apps such as Signal and Facebook Inc.’s WhatsApp have given such activists a measure of security in recent years. But that security is being undercut by malware that gives attackers a way to read messages on hacked phones, said Bill Marczak, a researcher with Citizen Lab.
These encryption technologies protect the messages from prying eyes as they are traveling across the internet, but once they are decrypted on a phone they can be read by malicious software on that device. “If the phone is infected, all bets are off,” Mr. Marczak said.
Mu Sochua, an exiled deputy leader of the opposition Cambodia National Rescue Party, said she no longer trusts her phone after hearing details of her own and others’ private conversations made public over the years. She says she often places her smartphone in another room when she holds sensitive conversations. Officials from the Cambodian embassy in the U.S. didn’t respond to requests for comment.
Source: The Wall Street Journal