
Tuesday, October 31, 2017

Hong Kong protestors targeted by hackers via iPhones

When the protests in Hong Kong were at their peak, activists using WhatsApp received messages advertising a program that promised to help them coordinate the protests. When the links in the message were used to download the program, it turned out to be malicious software, believed to have been created by the Chinese government, which broke into the smartphones of the people who installed it. Lacoon Mobile Security, a company based in San Francisco, began analyzing the app after noticing unusual communication on the networks of corporate clients, some of whose employees had downloaded the program. While tracing the spyware's path to the website where the stolen data was sent, the company's researchers found a rare species of malware: a version capable of stealing information even from the iPhone.
Once the malware made its way onto an iPhone, it could access the phone's contacts, text messages, pictures and call logs. It could also play recordings and upload files in addition to stealing data. It was even able to reach the most sensitive location on the phone, the keychain, which holds the passwords for other applications and email accounts.
Both iOS and Android are vulnerable to this malware. While it is not easy to break into a phone running iOS, iPhones can be infected once they have been jailbroken, meaning that the user has removed the restrictions Apple places by default on the phone's operating system and the applications that run on it. Everything the company found on the malware's signaling site and on the command-and-control server was written in Chinese. The company said it had never before found this level of sophistication on iOS, nor anything of the kind attributed to the Chinese. Taking all the factors together, it was suggested that the hackers were working for the Chinese government; the Chinese embassy declined to comment on the matter.

While the company had never encountered anything like the Hong Kong malware, other researchers said they had. ISight Partners, a cyber intelligence company based in Dallas, stated that the program resembled spying efforts by Chinese intelligence agencies against ethnic Tibetan activists and other minorities. In one case the previous year, hackers sent malware disguised as an app to members of China's Uighur community who were taking part in a conference. When someone clicked the link to get details about the conference, their phone was infected with malware that recorded phone calls and captured any conversation held within range of the phone's microphone. This was reported by John Hultquist, who tracks cyber espionage threats for ISight.
The use of cell phone spy software has created rich ground for espionage, leading various branches of the Chinese military and government to field competing malware. According to John Hultquist, Chinese intelligence gathering is organized along the lines of its military regions, and a great many groups are working in this area, particularly with respect to China.
Beyond China, ISight has also been tracking a Russian espionage group named Tsar Team, which has used mobile malware to target government officials, energy company executives and defense contractors in the United States. The group has also been seen operating in Europe and the US, targeting jihadists. Tracking a Chechen jihadist, for example, one can only imagine the kind of information that could be gathered and how invaluable it would prove to be.
Lacoon has not been able to determine how the Chinese-language malware was used in Hong Kong or how it got onto iOS. It, too, can only infect phones that have been jailbroken, which happens at a very high rate in China but is still considered rare. One theory the researchers came up with is that the hackers found a way to unlock Apple devices remotely through some vulnerability.