Mercenary hackers, HackingTeam, claim full control over Windows Phone on behalf of governments

When it comes to mobile platforms, Windows Phone 8 is reportedly very secure. Just look at the jailbreak scene on Windows Phone compared to Android and iOS. Sure, the lower number of handsets could be a valid reason why hackers haven’t exactly targeted the platform, but you’d think we’d be seeing more on the rooting/jailbreak front by now.

Publicly the platform is more or less secure. However, a mercenary-like hacking group called HackingTeam allegedly has control over all operating systems, including Windows Phone.

HackingTeam (hackingteam.it) is an Italian-based firm that offers offensive spying tools for governments. What are those tools, you ask? HackingTeam is reportedly able to bypass encryption and monitor emails, files, Skype, and other VoIP communications. The firm is also able to remotely control cameras and microphones. It does all this through Galileo, its remote control system for governmental interception, which is reportedly available on Windows, OS X, iOS, Android, Blackberry, Symbian, Linux and, more recently, Windows Phone.

Head to the HackingTeam website and you’ll read that they believe:

“…fighting crime should be easy: we provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities. Technology must empower, not hinder.”

Don’t worry, HackingTeam claims to be a first-class act and makes their services available only to governments that they don’t believe facilitate gross human rights abuses. Never mind the fact that security researchers have found their software installed on government servers in Mexico, Colombia, Azerbaijan, Kazakhstan, Uzbekistan, Oman, Morocco, Sudan, Malaysia, Ethiopia, Saudi Arabia, United Arab Emirates and others. Countries that don’t exactly fly the flag high for human rights with transparent governments. HackingTeam claims to only sell their services to government agencies and never to individuals or corporations. They also say they don’t work with countries that have been blacklisted by the European Union, United States or NATO.

More recently, HackingTeam’s work has been seen targeting the Ethiopian Satellite Television (ESAT). This is a group that was founded to promote free press, democracy, respect for human rights, and the rule of law in Ethiopia. The researchers will share more about this recent attack from HackingTeam in the coming weeks. The point? HackingTeam is targeting independent media, presumably for a governmental client that doesn’t agree with the work of ESAT.

Up above we mentioned that Windows Phone was a more recent platform for HackingTeam. Why? About a year ago their remote control system was called Da Vinci and it didn’t list Windows Phone as a potential platform for their clients. Today you’ll see their video (embedded above) list Windows Phone as a new target.

What changed in the past year? Windows Phone gained market share and by doing so became a target to hack. But our platform is fairly secure when compared to Android and iOS, so how’s HackingTeam potentially doing this? The only way would be for them to have a zero-day attack (undisclosed exploit) that elevates third-party code to execute as platform-trusted code.

These claims from HackingTeam are either really terrifying or bogus. They’re a nightmare if true because it means an exploit exists on Windows Phone that Microsoft isn’t aware of. Plus, HackingTeam claims their Galileo services can capture data and send it back to the remote control system server encrypted and untraceable, meaning if your Windows Phone has been targeted, there would be no way for you to know.

Again, these are claims being made by HackingTeam and could be completely bogus. If true, very scary. Thankfully Microsoft should be able to release a patch for all devices (even those infected) if the exploit is found. And that’s if it exists to begin with.

Be sure to watch speakers Claudio Guarnieri and Morgan Marquis-Boire speak about their research on HackingTeam if you’re interested in learning more details. Additional information on HackingTeam.

Thanks to Justin Angel (@JustinAngel) for contributing and the tip!

Sam Sabri