FBI Android malware used for investigations

Former FBI officers revealed to the Wall Street Journal the existence of FBI Android malware that is used to spy on suspects for investigations.

The FBI is using mobile Android malware to spy on suspects for its investigations, the news is not surprising but is the confirmation that law enforcement are exploiting new technologies for surveillance purposes.

The Federal Bureau of Investigation uses malicious code to record nearby sounds and copy data stored on the suspect’s handset without physical access to the device, the news has been published by Wall Street Journal that interviewed former officers. The popular journal published an interesting post on the legal surveillance activities that in the past were discussed for the impairment of desktop computers, but mobile phones are a relatively new target considering that we discussed just a few months ago of projects conducted by the Bureau to exploit any kind of mobile devices for its investigations.

“People familiar with the Federal Bureau of Investigation’s programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can’t be wiretapped like a phone, is called “going dark” among law enforcement.” States WSJ post.

The spying techniques still request an “active participation” of victims that need to visit a compromised website, or click on an infected link or worst to open a malicious attachment, for this reason the methods is still not useful to investigate on tech-savvy suspects that could easily note something of strange on their mobile handsets. It is not a mystery that the FBI is adopting hacking instruments for the resolution of cases involving organized crime, child pornography or counterterrorism.

Computer hackers are never targeted this way, they might notice the FBI Android malware disclosing news and evidences on its existence,  former officers confirmed that in other circumstances the technique was very useful and efficient.

The FBI develops hacking tools internally and purchases others from the private sector for a long time, the FBI Android malware can remotely activate the microphones in phones to record conversations. For the moment Google declined to comment the revelations.

Another interesting particular revealed by the same officers on the FBI Android malware is that this type of investigation does require judicial oversight, but if one is recording activities rather than communications, the level of authorization necessary is much reduced. The reason is that there is a false conviction within US judges that the approval of the use of any malware is considered a minor privacy violation respect the traditional wiretap.

How does work the FBI Android malware?

It is still not clear, but it is very likely that developers use zero-day exploit of which the platform manufacturer is unaware, in this way they could exploit the flaw to take remote control of the devices. The sale of zero-day is becoming very common also within the private industry, many private firms develop exploits for unknown vulnerabilities such as the Italian Hacking Team and the UK-based lawful spook spyware supplier Gamma International. Gamma International has a long collaboration with law enforcement for which provides many products for surveillance purposes.

The news of the availability of an FBI mobile malware confirms the intention manifested in the last months by law enforcement to be able to spy on any kind of electronic devices for investigation … so what do you expect on the future?

For sure more sophisticated agents able to infect suspect’s handset without its “collaboration”, exactly like already happen for desktop and laptop devices … next step will be possibility to spy on suspects thought gaming platform, smart meters and SmartTV … or probably they are already reality 😉

Pierluigi Paganini

(Security Affairs – Law Enforcement, FBI Android malware)