Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance

While NSO Group’s Pegasus spyware is perhaps the highest-profile surveillance weapon used by repressive governments against civil society, a recently discovered, powerful mobile reconnaissance malware dubbed Hermit has come to light, being touted by an Italian developer as a “lawful intercept” tool.

At the upcoming SecTor 2022 conference in Toronto, Christoph Hebeisen, director of security intelligence research at Lookout, and Paul Shunk, security researcher at the firm, will lay out Hermit’s surveillance capabilities, against the backdrop of the growing nation-state market and use of these shadowy applications.

So far, Lookout has observed Hermit spyware being used by the government of Kazakhstan after the violent suppression of protests with the help of Russian armed forces; deployed by Italian law enforcement; and deployed against the Kurdish minority in the war-torn region of Rojava in northeastern Syria.

Hermit: Hiding 1 Tier Below Pegasus

The researchers will kick off their Oct. 5 session, entitled “A Hermit Out of Its Shell,” with a discussion of where Hermit fits into the mobile spyware picture. It was developed by an Italy-based vendor called RCS Lab and a related company called Tykelab Srl, according to Hebeisen, and is usually distributed on both Android and iOS platforms by masquerading as legitimate mobile apps rather than in attacks that exploit software vulnerabilities.

“There’s a varied market for these; NSO Group is certainly placed at the top of the field, and everybody recognizes the name, because they use zero-click exploits to get their surveillance malware onto the device without the user even noticing anything,” Hebeisen tells Dark Reading. “But then there is a tier of these weapons just below that, which are distributed as apps, and they are very effective even though they require a little bit of social engineering to get onto a target’s device. That’s where Hermit plays.”

In terms of its capabilities, he adds that Hermit packs an info-vacuuming punch. In addition to “standard” spyware fare like tracking users’ locations, accessing device microphones and cameras, eavesdropping on calls and texts, and stealing media files, it also offers the ability to sniff out every scrap of content and data housed in any of the apps that users have installed, including encrypted messaging apps.

“This is a very sophisticated surveillance tool,” Hebeisen says. “It takes over the operating system completely and can spy on literally everything. Given how deeply ingrained into our lives phones are these days and especially all of our private activities, this is practically a perfect tool to find out everything an attacker ever wanted to know about somebody.”

Under the hood, he adds, the malware is designed to be agile and flexible.

“Hermit is built in a very enterprise way in that it’s modular,” Hebeisen explains. “So we suspect that that might actually be part of the business model, where they can sell different tiers of this surveillance kit by including or excluding certain modules.”

From a broader perspective, Hermit showcases an uncomfortable reality when it comes to next-gen mobile malware: “Despite mobile operating systems being much more modern than many of the desktop systems and having many more security controls already in place, it’s still possible for attackers to get past them and then actually use the legitimate functionality of the operating system against targets,” Hebeisen says.

Nation-State Spyware: A Growing Threat

It should be noted that companies operating in this gray area, including RCS Lab, NSO Group, FinFisher creator Gamma Group, Israeli company Candiru, and Russia’s Positive Technologies, maintain that they only sell to legitimate intelligence and enforcement agencies. That however is a claim that many reject, including the US government, which recently sanctioned a number of these organizations for contributing to human rights abuses and the targeting of journalists, human rights defenders, dissidents, opposition politicians, business leaders, and others.

Nonetheless, Hebeisen notes that there are more and more mobile spyware tools being developed for the blossoming so-called “lawful intercept” market, indicating ongoing demand. When one is struck down, “there are plenty of other companies standing in the wings just waiting to take over,” he says.

This demand makes sense from a geopolitical standpoint, as nations move away from kinetic conflict.

“As opposed to physical arms, for which you have to deal with all kinds of export controls if you want to sell those to regimes that are known for human rights violations, it seems much easier to get around that when you’re dealing with surveillance tools, which are essentially just a different set of weapons in the fight,” Hebeisen explains.
