SoylentNews is people

posted by LaminatorX on Wednesday October 01 2014, @09:02PM
from the key-without-a-lock dept.

Reuters reports on an advanced iOS virus targeting Hong Kong protestors:

Cybersecurity researchers have uncovered a computer virus that spies on Apple Inc's iOS operating system for the iPhone and iPad, and they believe it is targeting pro-democracy protesters in Hong Kong.
The malicious software, known as Xsser, is capable of stealing text messages, photos, call logs, passwords and other data from Apple mobile devices, researchers with Lacoon Mobile Security said on Tuesday.

The original post on Lacoon's Web site (which Reuters used) notes:

A link to the Android spyware, disguised as an app to help coordinate Occupy Central protests in Hong Kong, was sent as an anonymous message to Whatsapp users there on Thursday. In its investigation of that spyware, Lacoon uncovered the Xsser mRAT hosted on the same Command and Control (CnC) domain with the project being named Xsser. Though called Xsser, this is not related to an XSS attack.

The Xsser mRAT is itself significant because while there have been other iOS trojans found previously, this is the first and most advanced, fully operational Chinese iOS trojan found to date. Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone’s guess. It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments.

[...] When infected, Xsser mRAT exposes virtually any information on iOS devices including SMS, email, and instant messages, and can also reveal location data, usernames and passwords, call logs and contact information.

In the meantime, Bloomberg says U.S. law enforcement seeks to halt Apple/Google encryption of mobile data, but is not sure how to proceed: appeal to executives or seek congressional legislation.
Looks like the US and Chinese agencies aren't that dissimilar: both sides want the citizens with their pants down and the lubrication applied at their own expense (paid by taxes).

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by Bot on Wednesday October 01 2014, @09:13PM

    by Bot (3902) on Wednesday October 01 2014, @09:13PM (#100660) Journal

    From paranoid lunatic to prophet in one move.

    --
    Account abandoned.
    • (Score: 3, Interesting) by BsAtHome on Wednesday October 01 2014, @09:44PM

      by BsAtHome (889) on Wednesday October 01 2014, @09:44PM (#100678)

      First they ignore you;
      Then they laugh at you;
      Then they fight you;
      Then you win.

      A man with an idea and a vision is always more dangerous than all the weapons combined.

      • (Score: 0) by Anonymous Coward on Wednesday October 01 2014, @10:36PM

        by Anonymous Coward on Wednesday October 01 2014, @10:36PM (#100712)

        If that's really true, then why has Stallman been stuck between steps 1 and 2 for almost three decades now?

        Most people just ignore him. Some people laugh at him, but that's mainly because of his antics (like those involving eating junk from between one's toes).

      • (Score: 2) by NoMaster on Thursday October 02 2014, @07:15AM

        by NoMaster (3543) on Thursday October 02 2014, @07:15AM (#100844)

        First they ignore you;
        Then they laugh at you;
        Then they fight you;
        Then you win.

        A man with an idea and a vision is always more dangerous than all the weapons combined.

        And why shouldn't they be? After all that one simple mantra paid off for Hitler, Mussolini, and Pol Pot. It also works well for internet trolls, and I look forward to greeting our Islamic fundamentalist overlords when, as that phrase predicts, their time inevitably comes.

        (hint: trite statements of pop-ideology are no match for a good blaster at your side, kid...)

        --
        Live free or fuck off and take your naïve Libertarian fantasies with you...
    • (Score: 2) by forsythe on Wednesday October 01 2014, @10:36PM

      by forsythe (831) on Wednesday October 01 2014, @10:36PM (#100711)

      The past decades have been a constant series of ``one move''s for rms. To name some of the biggest ones that I can remember seeing on this site or the immediate predecessor: The Kindle 1984 fiasco highlighting DRM, the various cripple-core CPUs sold by Intel showing corruption at the hardware vendor level, the myriads of back doors in consumer hardware relying faultily on proprietary status for security, all of the previous [un]known times that governments have used ``Stalin's dream'' cell phones to track protestors, etc. etc.

      He's not paranoid: he watched motivations of power and profit ruin the computing environment he grew up in [gnu.org] (the first two sections are the most relevant), and knowledge of human nature extrapolates from there.

      • (Score: 0) by Anonymous Coward on Wednesday October 01 2014, @10:43PM

        by Anonymous Coward on Wednesday October 01 2014, @10:43PM (#100718)

        I don't really follow him at all, but has he said or written anything about systemd?

        It's the kind of thing that somebody like him should be standing up against, because everything about it is tyrannical, but I can't remember ever hearing anything about it from him. Although, I may have just missed it, if he has discussed it.

        • (Score: 0) by Anonymous Coward on Thursday October 02 2014, @08:59AM

          by Anonymous Coward on Thursday October 02 2014, @08:59AM (#100876)

          Makes you think:

          Pieces placed in juxtaposition.:

          "Opensource is going mainstream in 2014" -RedHat CEO

          Systemd presents a large attack surface (whereas there are few ways to communicate with init etc, systemd is network aware), needlessly manages disc cryptography (amongst everything else, normal inits never cared one way or the other),

          US government Argues For Backdoors In Personal Electronics - http://it.slashdot.org/story/14/10/01/1 [slashdot.org] ... lectronics

          • (Score: 2) by Bot on Thursday October 02 2014, @07:11PM

            by Bot (3902) on Thursday October 02 2014, @07:11PM (#101090) Journal

            You think about backdoors, I think about the linux desktop itself. To become mainstream it must appease the hardware makers. Which had like 10 years during which they could have tossed windows aside *AS PREINSTALLED OS; NOT AT ALL*. Why didn't they? Because a modular unix OS with stable APIs makes hardware eternal and users happy. But let's face it, a major hardware producer that ships with secure boot and hides the key combo to get to the bios to disable it, hates your guts.

            While Systemd disrupts previous software in all possible ways (ifconfig eth3se8fasterpussycatkillkill), will probably be always a moving target, so it can replace windows as a way to make people buy new stuff because old stuff can't work well. Or at least, this is the first thing I gather from the juxtaposition.

            Sure there can be backdoors, too.

            --
            Account abandoned.
        • (Score: 0) by Anonymous Coward on Thursday October 02 2014, @09:03AM

          by Anonymous Coward on Thursday October 02 2014, @09:03AM (#100877)

          [quote]
          Hi Gregory,

          Thanks for writing. I don't think I agree with your characterization of
          the situation (I am involved with the Debian community in my spare
          non-FSF time and attended Debconf this past August), but of course the
          FSF currently does not endorse Debian because of its integration in
          various ways of nonfree software (see http://gnu.org/distros [gnu.org]). We do
          endorse two distros that are "downstream" versions of Debian --
          Trisquel, and gNewSense. I suggest that if you have concerns about what
          Debian is doing upstream, you make your arguments in those Trisquel and
          gNewSense communities. The FSF is not going to launch another new
          distro; we want energy to be put into improving those which we already
          endorse. Thanks!

          -john

          --
          John Sullivan | Executive Director, Free Software Foundation
          GPG Key: 61A0963B | http://status.fsf.org/johns [fsf.org] | http://fsf.org/blogs/RSS [fsf.org]

          Do you use free software? Donate to join the FSF and support freedom at

          [/quote]

          http://www.debianuserforums.org/viewtopic.php?f=63&t=3031&start=50 [debianuserforums.org]

  • (Score: 3, Interesting) by bob_super on Wednesday October 01 2014, @09:29PM

    by bob_super (1357) on Wednesday October 01 2014, @09:29PM (#100667)

    Cheap Walkie Talkies...

    Seriously, if you're going to want to communicate in relatively close proximity with many others in a demonstration environment with some unappealing people in power, don't turn on your phone.
    Half-decent two-way radios are dirt cheap these days, and if they can indeed be "tapped" or jammed, they at least don't contain any personal data.

    • (Score: 3, Interesting) by Anonymous Coward on Wednesday October 01 2014, @10:08PM

      by Anonymous Coward on Wednesday October 01 2014, @10:08PM (#100690)

      (1) dirt cheap is still more expensive than something you already own and carry with you all the time
      (2) 50,000 people all on a handful of walkie-talkie frequency bands would be useless
      (3) can't send text messages over walkie-talkies
      (4) can't forward voice messages from walkie-talkies to youtube

      • (Score: 3, Funny) by bob_super on Wednesday October 01 2014, @10:17PM

        by bob_super (1357) on Wednesday October 01 2014, @10:17PM (#100694)

        (1) less expensive than clear proof that you belong on a dissident list, or worse
        (2) They can try to agree to all listen to the leaders of the protest, rather than all talk. Or my friends and I can be the only ones using the walkie talkies and watch the police knock at the neighbor's doors over the next months.
        (3) That's a feature you should market, ideal for school kids and protestors (was a project at my eng school, never happened because cell phone did)
        (4) You still have a phone for voicemail, it's just off when you're at the protest and you'll forward your messages (why?) when you're in a safer place.

        Given the number of advocates of decentralized comms on SN, it's odd that the first reply I get prefers to use the state-controlled system.

        • (Score: 1) by Buck Feta on Wednesday October 01 2014, @10:29PM

          by Buck Feta (958) on Wednesday October 01 2014, @10:29PM (#100706) Journal

          (2) They can try to agree to all listen to the leaders of the protest, rather than all talk.

          I'm sure the cops will agree not to talk on the protest frequencies.

          --
          - fractious political commentary goes here -
          • (Score: 3, Interesting) by bob_super on Wednesday October 01 2014, @10:41PM

            by bob_super (1357) on Wednesday October 01 2014, @10:41PM (#100715)

            Sure, the same way that they won't send txts to all people nearby saying "go home", or take down the cell towers, or turn off the internet, or filter specific protests websites, or release malware to all the smartphones nearby. They will also not charge the crowd nor beat up anyone with a camera and confiscate or smash their cellphones.

            I'll keep my walkie talkie, because it contains no incriminating evidence nor provocative features.
            If the cop sees me, he thinks "that guy is coordinating with his friends nearby" rather than "this guy is trying to broadcast the crackdown to the world, because he doesn't realize we've cut the world off".
            It depends on which adversary you're facing, and how many people collaborate.

        • (Score: 1, Insightful) by Anonymous Coward on Wednesday October 01 2014, @10:58PM

          by Anonymous Coward on Wednesday October 01 2014, @10:58PM (#100731)

          > less expensive than clear proof that you belong on a dissident list, or worse

          The authorities have cameras there already

          > That's a feature you should market,

          So now we've gone from "dirt cheap walkie talkies" to vaporware.

          Go ahead and keep insisting that reality is wrong.

          • (Score: 3, Insightful) by bob_super on Wednesday October 01 2014, @11:07PM

            by bob_super (1357) on Wednesday October 01 2014, @11:07PM (#100739)

            Sure, reality is wrong...

            The Arab dictators got surprised by the power of cell phones during the Arab Spring; the rest of the world watched and learnt: This will never happen again.

            From now on, if you protest any oppressive regime, your cell will either be rendered useless or used against you. Probably both.

            If you don't believe that, I've got a very nice vintage bridge for sale, already by a bronze plaque dedicated to all gullible ACs.

            • (Score: 2, Insightful) by Anonymous Coward on Thursday October 02 2014, @12:20AM

              by Anonymous Coward on Thursday October 02 2014, @12:20AM (#100769)

              > From now on, if you protest any oppressive regime, your cell will either be rendered useless or used against you. Probably both.

              And yet that hasn't happened, not in Ukraine, and not today in HK.

              That you think walkie-talkies will be a viable alternative is ridiculous. Name one pre-smart-phone political protest that used walkie-talkies even one-tenth as much as cell phones are being used in HK today. Orange revolution? Nope. Velvet revolution? Nope.

              Here's the thing - you go to war with the weapons you have. People don't have walkie-talkies. That smartphones are imperfect and carry risks does not make them unfit tools. All protesting carries risks.

      • (Score: 2, Insightful) by Anonymous Coward on Wednesday October 01 2014, @10:28PM

        by Anonymous Coward on Wednesday October 01 2014, @10:28PM (#100705)

        I've been in a company meeting that failed to have proper mute control, with about 1000 participants. Even though these were all polite, highly paid professionals, it was absolute mayhem and no one could hear the speaker. 50,000? Good luck.

        Not to mention that I imagine it would be trivial to jam the walkie talkie bandwidth, and the rest of Hong Kong wouldn't notice or care (jamming cell phone bandwidth would have a considerably larger impact, so wouldn't be feasible).

        If you're too stupid to use your device safely, then fine, don't use it. But in case you haven't noticed, cell phones + social media have been HUGELY successful in helping to unite and organize protests in the past decade. They've done much more good than harm.

        Sometimes I feel like "anonymous cowards" are the only voice of reason on this site and Slashdot. So much groupthink and lack of logic or critical thinking from everyone else; it's disgusting.

        • (Score: 2, Insightful) by Anonymous Coward on Wednesday October 01 2014, @11:04PM

          by Anonymous Coward on Wednesday October 01 2014, @11:04PM (#100736)

          Sometimes I feel like "anonymous cowards" are the only voice of reason on this site and Slashdot. So much groupthink and lack of logic or critical thinking from everyone else; it's disgusting.

          Get over yourself.

          Bob_super just has a mental disconnect on this topic. Sure it is of the type where geek denies human nature and claims impractical alternative is superior which is a really common genre of mental disconnect for sites like this, but he hasn't even been modded up and he probably wouldn't be. Now if his posts and his follow-ups got +5 you'd have a point, but they won't and you don't.

          • (Score: 2) by bob_super on Friday October 03 2014, @03:42PM

            by bob_super (1357) on Friday October 03 2014, @03:42PM (#101428)

            You should ask the families of the Tiananmen leaders whether the central government forgot about them. Thanks to people protesting with their cell phones, the Party can quickly get a list of the people who will spend the rest of their lives having more-or-less-minor administrative issues... Or worse.
            Do that in other countries (HK is indeed special) and they will knock down your door, have some guy pay you a painful visit, or quietly put you on a no-fly list.

            The Party doesn't forget the people who threaten the Almighty Stability.

  • (Score: 3, Insightful) by Anonymous Coward on Wednesday October 01 2014, @09:33PM

    by Anonymous Coward on Wednesday October 01 2014, @09:33PM (#100670)

    It's not the malware that's targeting the protesters, it's the DISTRIBUTOR of the malware. Saying "the malware is targeting protesters" is like saying "the bullets are targeting human bodies".

    • (Score: 0) by Anonymous Coward on Thursday October 02 2014, @02:49AM

      by Anonymous Coward on Thursday October 02 2014, @02:49AM (#100793)
      The malware makes more decisions than a bullet, maybe like some missiles. Some missiles, torpedoes etc can target stuff.

      So enough of cluttering discussions with worthless pedantry.
      • (Score: 2) by Tork on Thursday October 02 2014, @03:17AM

        by Tork (3914) Subscriber Badge on Thursday October 02 2014, @03:17AM (#100801)

        So enough of cluttering discussions with worthless pedantry.

        Wait.. were you talking to him or you?

        --
        🏳️‍🌈 Proud Ally 🏳️‍🌈
  • (Score: 2) by mtrycz on Wednesday October 01 2014, @09:48PM

    by mtrycz (60) on Wednesday October 01 2014, @09:48PM (#100680)

    I can't quite understand from TFS if the malware is iOS or android, but at this point it doesn't really matter. At this point I think they are all the same. My stupidphone arrived yesterday, it makes calls and sends sms, that's all I need it to do.

    Can anyone explain how the mobile oses are such a colander, security wise? I mean Android is supposed to be based on linux. I was hoping in Firefox OS, but it doesn't have enough distribution to be actually regarded as real-world tested (security-wise).

    --
    In capitalist America, ads view YOU!
    • (Score: 1, Insightful) by Anonymous Coward on Wednesday October 01 2014, @10:10PM

      by Anonymous Coward on Wednesday October 01 2014, @10:10PM (#100691)

      there are versions of this malware for both, early reports suggest it has specifically been deployed to target these protests
      I'm sure there is more that will come out as the story passes

    • (Score: 3, Interesting) by c0lo on Wednesday October 01 2014, @11:10PM

      by c0lo (156) Subscriber Badge on Wednesday October 01 2014, @11:10PM (#100740) Journal

      I can't quite understand from TFS if the malware is iOS or android, but at this point it doesn't really matter.

      To avoid the case in which the question starts burning your subconscious, here's a pseudo-timeline

      1. A link to the Android spyware, disguised as an app to help coordinate Occupy Central protests in Hong Kong, was sent as an anonymous message to Whatsapp users there on Thursday.
      2. In its investigation of that spyware, [the Android spyware]
      3. Lacoon uncovered the Xsser mRAT hosted on the same Command and Control (CnC) domain
      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 3, Informative) by Horse With Stripes on Thursday October 02 2014, @01:45AM

        by Horse With Stripes (577) on Thursday October 02 2014, @01:45AM (#100780)

        Can anyone explain how the mobile oses are such a colander, security wise?

        I can't comment on all mobile device infections, but in this case (from TFA):

        Lacoon hasn’t uncovered information regarding the method or vector of attack. The iOS device needs to be jailbroken in order to be infected. Then with Cydia installed, the repository would need to be added and then the package could be installed. All that’s known is that both the iOS and Android attacks share a CnC server.

        • (Score: 2) by c0lo on Thursday October 02 2014, @01:57AM

          by c0lo (156) Subscriber Badge on Thursday October 02 2014, @01:57AM (#100786) Journal
          (just FYI: wrong post to reply to, mate! Other than that... no problems)
          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 2, Interesting) by Anonymous Coward on Thursday October 02 2014, @12:17AM

    by Anonymous Coward on Thursday October 02 2014, @12:17AM (#100766)

    i'm looking for a program on google play that will turn my wifi enabled but sim-less mobile phone into a walkie-talkie.
    my code-fu is limited but it should work like this:
    1) no connection to the interwebz required. thus no central monster registry server.
    2) all mobile phones connected to same AP should "see" each other (pick a name or just the given device/hostname)
    2.1) AP doesn't need interwebz connection. see 1)
    3) tapping an available name should allow to send message or data or make voice call.
    4)...
    5) $$$ ;)

    i know that the ap could be wired to a laptop with mumble and this would not need interwebz connection to function, but it is still one "central registry server".

    so a sufficiently exposed/powerful AP could cover a wide (not competing with mobile phone radio output power here) area.

    in short: plain AP plus some APP on the phone and basically have a micro mobile phone network.

    • (Score: 0) by Anonymous Coward on Thursday October 02 2014, @12:35AM

      by Anonymous Coward on Thursday October 02 2014, @12:35AM (#100772)

      I don't have an answer, but that is a great idea.

    • (Score: 3, Informative) by Nerdfest on Thursday October 02 2014, @01:21AM

      by Nerdfest (80) on Thursday October 02 2014, @01:21AM (#100777)

      What about Serval Mesh [servalproject.org]?

      • (Score: 0) by Anonymous Coward on Thursday October 02 2014, @10:05AM

        by Anonymous Coward on Thursday October 02 2014, @10:05AM (#100888)

        thanks for link about serval.
        the software that would go into an AP so that it can be used in a mesh network would be the next step.
        at the moment I'm still looking for a "toy" software solution just for the mobile wifi enabled computing device without reflashing the software in off the shelf wifi home user gear -aka- so called wifi routers.
        as you might know, there are tiny and small AP available for home users.
        I could bring one along on holiday to the beach and stick it to the window of the hotel facing the beach and then "call" my friend playing down on the beach ... for example.
        I don't want/need an earthquake tsunami whatnot proof solution at this moment : )
        start small from the bottom up and then maybe people will expand the code on it?
        still looking.

        • (Score: 1) by JackZ on Monday October 06 2014, @06:56PM

          by JackZ (1155) on Monday October 06 2014, @06:56PM (#102564) Homepage

          It looks like they use a TP-LINK TL-MR3020 as a range extender. I think that might be what you are looking for. I did not look at it that closely. The 3 recent news items that reference it seem to be about cases for it...

    • (Score: 1) by crAckZ on Thursday October 02 2014, @02:02PM

      by crAckZ (3501) on Thursday October 02 2014, @02:02PM (#100945) Journal

      scatternet? but i don't know enough about bluetooth or its security. not sure if this is what you are thinking but i found this interesting though.

      http://people.uwplatt.edu/~meqdadio/aodv-paper.pdf [uwplatt.edu]

  • (Score: 2) by http on Thursday October 02 2014, @02:04AM

    by http (1920) on Thursday October 02 2014, @02:04AM (#100788)

    Fucking cops, how do they breathe? This gem

    Smartphone communication is “going to be the preferred method of the pedophile and the criminal.”

    is pure propaganda. Encrypted comms adds business value to...well, business. Ask any business exec discussing trade secrets. Or any legal professional - tax, family law, patent, notary...

    Salient question: is using ssh and ytalk going to be the newest indictable offense in USA?

    --
    I browse at -1 when I have mod points. It's unsettling.
    • (Score: 0) by Anonymous Coward on Thursday October 02 2014, @09:05AM

      by Anonymous Coward on Thursday October 02 2014, @09:05AM (#100879)

      Old Testament allows pedophile marriage:

      Deuteronomy 22 28-29 in hebrew.
      Lets men take young girls.

      America has always hated religious freedom and loved wowser busybody women.