back to article Google: How we tackled this iPhone, Android spyware

Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG). RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's …

  1. VoiceOfTruth

    Google's Threat Analysis Group

    Does it monitor and track for USA regime-backed spyware? Yes or no?

    1. LDS Silver badge

      Re: Google's Threat Analysis Group

      It looks they are doing nothing to stop NSO Pegasus as they did with this one....

      1. badflorist

        Re: Google's Threat Analysis Group

        Spy Vs. Spy... Google good, others bad.

  2. Forget It

    > It appears the snoops using the surveillance tool got the victims' cellular providers to degrade their wireless internet connectivity, thus convincing the marks to run the app.

    Which Italian cellular provider?

    TIM?

    Vodafone?

    Three?

    1. heyrick Silver badge

      Any provider that willingly goes along with such a scheme ought to be blacklisted (and publicly shamed).

      On both sides of the ocean.

      1. LDS Silver badge

        Why? They do have already to comply with tap warrants. This is not much different. Doing it under the proper legal framework help to jail criminals. Otherwise it becomes authoritarian surveillance. Just like FISA or CLOUD Act.

        1. heyrick Silver badge

          What legal framework is okay with forcing a provider to do things in order to trick a mark into installing spyware on their phone?

          One could imagine in any sane legal jurisdiction, any competent lawyer would reasonably argue that if they managed to get the user to install something that gave itself unfettered access to the phone, said access could just as easily be used to plant evidence. There's no longer any sort of assurance that the device has not been tampered with, because it very obviously has, which means that anything on it should be considered inadmissible.

          Of course "sane legal jurisdiction" is the important part here...

          1. LDS Silver badge

            Just like they could get help from different kind of people to bug a criminal? Locksmiths could help police to enter a house. A car repair may bug cars as well. A restaurant may allow microphone and cameras installed. Even kindergarten to catch teachers hurting children. Even intercepting deliveries could be allowed. ISPs may support sizing machines used by crooks and then used to "spy" on them.

            How do you believe you can catch crooks? Especially some kind of crimes that like to lurk in the dark? Just waiting they deliver themselves at the local police office?

            Of course if a court authorize such actions. The problem are laws like FISA that bypass court authorizations and parliament oversight.

            "ould reasonably argue that if they managed to get the user to install something that gave itself unfettered access to the phone, said access could just as easily be used to plant evidence."

            Sure. Then it's up to the investigators to support their evidences beyond any reasonable doubt.

    2. iron Silver badge

      Having used TIM, how would you know their service had degraded?

  3. Anonymous Coward
    Anonymous Coward

    Google's thoughts

    I suspect Google saw this and thought "They're stealing our data." rather than "They're stealing the user's data."

    1. Def Silver badge

      Re: Google's thoughts

      I doubt the app prevented the host OS from grabbing all the data it usually grabs.

      That might be an easy way onto devices belonging to slightly more tech-savvy users though: "Did you know Google records everything you do on Android and listens to you even when you're not using your phone? Download and install this app now to stop it!"

      1. Mike 137 Silver badge

        Re: Google's thoughts

        "I doubt the app prevented the host OS from grabbing all the data it usually grabs"

        Correct of course, but it's still competition and 'we can't allow that'.

  4. sabroni Silver badge
    WTF?

    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Yeah right!

    Would sound a tiny bit more convincing if Google weren't all about that shit themselves, eh?

    You just needed to add a "Someone else" to the start of your byline and you'd've been good.

  5. Andy The Hat Silver badge

    Bit confused as to whether this was being used as a law enforcement tool (as per the Italian usage description) or for nefarious means by a.n.other in eastern Europe ... sounds like a government installation which could be either use but the story seems to document an exploit method rather than a reason for exploitation. If it was used for "legitimate purposes" of law enforcement why is Google documenting it? If not, why are they not naming names and detailing reasons for the exploit?

    1. iron Silver badge

      Like NSO groups illegal spyware this is an exploit allowing the installation of spyware against the user's wishes and bypassing OS level protections. This is illegal spyware no matter how it is being used.

      1. LDS Silver badge

        It's not different than implanting a bug to track and listen to criminals - which is usually done against the criminal wishes, and usually trespassing into private properties. Just, done under a warrant, it is legal.

        1. heyrick Silver badge

          A bug is a passive device. It records what it hears (or it reports its location, depending on what sort of bug).

          There's a reason this sort of thing is supposed to be illegal and why no reputable judge would authorised it - evidence tampering. Spyware and phone hacking is not passive. It has the ability to read and transmit any file on the device. But it also has the capability of receiving files and writing them to the device.

          1. LDS Silver badge

            If you enter a house or car to plant a bug you can also try to plant evidences. Even a passive tap may be used to "construct" evidences if using just part of the recordings. That's why everything can be challenged in courts.

            As technology evolves and criminals take advantage of it, law enforcement have to build their counter-measures too. Of course their use must be strictly controlled.

            Moreover, are you using cameras and mics to protect your house? You may illegally break the privacy of others...

    2. LDS Silver badge

      "why is Google documenting it"

      Because stomping on Italian feet is far less dangerous than stomping on Israeli ones... it makes Google look good and people forget they let others do the same....

    3. yetanotheraoc Silver badge

      could be either use

      Indeed it can be either use. To shut down misuse effectively means to shut down legitimate use. Conversely, to allow legitimate use means to allow misuse. This is why there is such tension between security researchers and law enforcement over legitimate purposes.

  6. DS999 Silver badge

    Pretty low tech attack

    Relying on tricking people into sideloading stuff not on the Play Store / App Store means they are only getting the dumbest of the dumbest of victims.

    1. yetanotheraoc Silver badge

      Re: Pretty low tech attack

      And the ones they are communicating with. Henchmen ....

    2. ThatOne Silver badge
      Happy

      Re: Pretty low tech attack

      > they are only getting the dumbest of the dumbest of victims

      Actually, they are only getting the not-computer-savvy people, which apparently make up 99% of the population.

      Please don't assume people on this website are anywhere representative of the general public's IT security knowledge and skills. (Expecting somebody to drop in to brag about his Pi-hole, any moment now...)

      1. DS999 Silver badge

        Re: Pretty low tech attack

        I don't assume that at all, and I strongly believe a large majority of smartphone users would be HIGHLY suspicious of instructions for downloading an app that are totally unlike the way they've downloaded every single other app on their phone. They would be wondering "why can't I just click on a link to take me to the App / Play Store?" or "why can't you just tell me the name and I'll search for it in the App / Play Store?" because that's how they've always installed new apps. People are generally very suspicious of having to do things different than the way they've always done them.

        This is no different than being used to paying for stuff with cash, check or credit card and getting instructions to pay for something telling you to go to Walmart and buy a bunch of gift cards and emailing the codes to someone. Sure people do fall for scams where that happens, but only the dumbest of the dumbest (or unfortunately elderly and senile) fall for it.

  7. PB90210

    "CVE-2020-3837 internally referred to and publicly known as TimeWaste"

    Or, more commonly, Twitter...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022