Spyware Targets Hong Kong Protesters’ Phones
A blog post from security firm Lacoon details the discovery of mobile malware apparently being used against Hong Kong protesters. Both Android and jailbroken iOS devices are vulnerable. From Ohad Bobrov, Shalom Bublil, Daniel Brodie, and Avi Bashan:
Cross-Platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation state. The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s first iOS trojan linked to Chinese government cyber activity.
The Xsser mRAT is itself significant because it’s the first and most advanced, fully operational Chinese iOS trojan found to date. Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone’s guess. It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments.
[…] When infected, Xsser mRAT exposes virtually any information on iOS devices including SMS, email, and instant messages, and can also reveal location data, usernames and passwords, call logs and contact information. [Source]
See more from Reuters.
Potential security concerns also surround protesters’ use of messaging app FireChat. The software sets up improvised local networks between phones. This avoids dependence on mobile networks that could be cut off or congested, but offers no concealment to users’ identities or communications. From Chris Baraniuk at Wired UK:
FireChat allows people to communicate without requiring internet access. Phones are connected via their own Bluetooth and Wi-Fi signals alone in a peer-to-peer mesh network. This is particularly useful when large crowds congregate in small areas, overloading local mobile towers which can’t keep up with demand.
[…] However, there’s a problem. FireChat isn’t private and for activists attempting to dodge police attempts at dispersal, that could be problematic. Daligault admits he’s worried by the prospect of protesters’ chatroom discussions on FireChat being monitored by police or government agents.
[…] For now, […] if FireChat users in Hong Kong or elsewhere have something to say which they want to keep secure, [Firechat’s Christophe] Daligault has a simple piece of advice: “Don’t type it.” [Source]