Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones

Newly uncovered components of a digital surveillance tool used by more than 60 governments worldwide provide a rare glimpse at the extensive ways law enforcement and intelligence agencies use the tool to surreptitiously record and steal data from mobile phones.

The modules, made by the Italian company Hacking Team, were uncovered by researchers working independently of each other at Kaspersky Lab in Russia and the Citizen Lab at the University of Toronto’s Munk School of Global Affairs in Canada, who say the findings provide great insight into the trade craft behind Hacking Team’s tools.

The new components target Android, iOS, Windows Mobile, and BlackBerry users and are part of Hacking Team’s larger suite of tools used for targeting desktop computers and laptops. But the iOS and Android modules provide cops and spooks with a robust menu of features to give them complete dominion over targeted phones.

This is the first time that the modules used to spy on mobile phone users have been uncovered in the wild and reverse-engineered. Kaspersky has tracked more than 350 command-and-control servers created for this purpose in more than 40 countries. While Kaspersky found only one or two servers in most of these countries, the researchers found 64 in the United States -- by far the most. Kazakhstan followed with 49, Ecuador with 35 and the United Kingdom with 32.

As Kaspersky notes, it makes little sense for governments to maintain their command servers in foreign countries where they run the risk of losing control over the servers.