Researchers at Kaspersky Lab in the U.S. and Canada's Citizen Lab have just uncovered the global servers of a particularly invasive brand of remote-controlled trojan that governments can use to hack into—and take control of— smartphones.
The Italian cyber offense firm HackingTeam advertises its product, Galileo, as spyware to use against criminals but its victims include "activists and human rights advocates, as well as journalists and politicians," Kaspersky said in a press release.
Galileo attacks a variety of mobile operating systems, including iOS, Android, Windows Mobile, and BlackBerry, and can capture anything from keystrokes to voice and video content to calendar entries. It can even reportedly map the movement of a target on Google Maps, and can disguise its activities carefully, monitoring the battery life of the device and then performing energy-intensive tasks only when plugged in.
The trojan can be specially customized for each individual target device and often infects it by exploiting previously unknown vulnerabilities in the software known as "zero days." According to Kaspersky Lab, since jailbroken iPhones are vulnerable to infection, it can stealthily jailbreak an iPhone while it is connected to a computer and then proceed to install itself.
Researchers were able to locate its main command and control servers by identifying a specific message they broadcast when contacted and scanning the entire Internet for that string. It turned out that the U.S. topped the list, followed by Kazakhstan, Ecuador, the U.K., and Canada.
The implications are less than subtle.
"The presence of these servers in a given country doesn’t mean to say they are used by that particular country’s law enforcement agencies," said Sergey Golovanov, a principal security researcher at Kaspersky, in a statement to journalists. "However, it makes sense for the users of RCS [a Remote Control System, such as Galileo] to deploy C&Cs [command and control centers] in locations they control—where there are minimal risks of cross-border legal issues or server seizures."
In other words, U.S smartphone users, be careful what you talk about—and put on your calendar.