Skip to content

The surveillance-as-a-service industry needs to be brought to heel

Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there’s justification for keeping mobile platforms utterly locked down.

What has happened?

I don’t intend to focus too much on the news, but in brief it is as follows:

Google’s Threat Analysis Group has published information revealing the hack.
Italian surveillance firm RCS Labs created the attack.
The attack has been used in Italy and Kazakhstan, and possibly elsewhere.
Some generations of the attack are wielded with help from ISPs.
On iOS, attackers abused Apple’s enterprise certification tools that enable in-house app deployment.
Around nine different attacks were used.

The attack works like this: The target is sent a unique link that aims to trick them into downloading and installing a malicious app. In some cases, the spooks worked with an ISP to disable data connectivity to trick targets into downloading the app to recover that connection.

To read this article in full, please click here

Source:: Computerworld