Always with you: the smartphone in your (trouser) pocket. Usually switched on around the clock, this is a brilliant spy device. Even unsuspecting bystanders can be bugged. Technically, the attackers exploit unknown security vulnerabilities.
Smartphones and other mobile devices are everyday companions, including for politicians, business leaders and journalists. Cybercriminals use them as an ideal espionage tool.
After the brutal murder of Saudi Arabian journalist Jamal Khashoggi, it emerged that he too had been spied on using spyware. On his fiancée's phones, experts from Amnesty International's Security Lab found the spy software Pegasus from the Israeli NSO Group. It later came to light that one of the phones had been infected with Pegasus when security officials inspected it at Dubai airport. Numerous other people in Khashoggi's entourage were also monitored, and traces of spyware were also found on their devices. As part of the investigation into the murder, even Turkish investigators and politicians were targeted and attacked with spyware.
Scientists also targeted
The Canadian research institution Citizen Lab is the leader in spyware investigations and discoveries. However, as a result of the investigation into the Pegasus software and Khashoggi's death, the researchers themselves came under scrutiny. After the publications on this case, they were repeatedly approached by alleged sponsors, invited to luxury hotels and questioned. The director of the institute, Ron Deibert, who is based at the University of Toronto, condemned these attempts: "Such a deceitful attack on an academic group like Citizen Lab is an attack on academic freedom everywhere".
Surveillance software is secretly installed on the phones of those affected and allows the attacker complete access to all messages and emails as well as other media. In addition, the microphone and camera can be switched on unnoticed, allowing not only phone calls to be tapped, but also an entire room to be monitored.
Specialists from Google's security team Project Zero later discovered that the installation of the Pegasus software exploited a flaw in Apple's iPhone operating system iOS so cleverly that a zero-click exploit could be realised with it. This allows attackers to install the spyware on the phone without any action on the part of the user. A simple message to the phone is enough to turn it into a spy device. Similar possibilities exist on Android phones and Pegasus also uses them. However, their mode of operation is not yet known.
No effective countermeasures
But such sophisticated methods are the exception. Usually, a click on a link is necessary to bring spyware onto a smartphone. This means that the attackers, who are usually acting on behalf of states, have to use the same techniques as normal cyber criminals. A well-made message contains a link that downloads the spyware when clicked. Links are cleverly placed in short messages or emails to encourage users to make the dangerous click. Such links are often not easy to detect, because compared to the original, complex links often have only one letter exchanged, inserted or swapped. Instead of https://www.ardmediathek.de/, such a link could read https://www.ard-mediathek.de/. This is usually only noticeable in direct comparison. The most effective protection against spyware is to be wary of links sent in messages, just as with ordinary malware.
There is no effective protection against surveillance software. Although many apps promise to detect spyware, they rarely do. Spyware manufacturers are constantly adapting their products so that new versions cannot be detected by protection software. The programmers of these companies are constantly coming up with new ways to hide the software. Analyses show how they hide their tracks. But as soon as these internal details become known, the programmers change, for example, paths and file names to make the software more difficult to detect. Detection requires elaborate analyses of the processes running on the smartphone as well as stored files, because these are of course camouflaged. Security specialists, however, know which traces to look for.
Criminologists and intelligence officers assume that these methods are also increasingly used in the field of industrial espionage. The precautions you should take include having your own phone without sensitive data for travelling abroad. Contaminated phones should be disposed of if possible, as a factory reset does not necessarily remove malicious software.
Author: Uwe Sievers