Mercenary hackers, HackingTeam, claim full control over Windows Phone on behalf of governments

By Sam Sabri
published

When it comes to mobile platforms, Windows Phone 8 is reportedly very secure. Just look at the jailbreak scene on Windows Phone compared to Android and iOS. Sure, the lower number of handsets could be a valid reason why hackers haven’t exactly targeted the platform, but you think by know we’d be seeing more on the rooting/jailbreak front by now.

Publicly the platform is more or less secure. However, a mercenary-like hacking group called HackingTeam allegedly has control over all operating systems, including Windows Phone.

HackingTeam (hackingteam.it) is an Italian-based firm that offers offensive spying tools for governments. What are those tools you ask? HackingTeam is reportedly able to bypass encryption and monitor emails, files, Skype, and other VoIP communications. The firm is able to also remotely control cameras and microphones. It does all this through Galileo, its remote control system for governmental interception. Which is also reportedly available on Windows, OS X, iOS, Android, Blackberry, Symbian, Linux and more recently Windows Phone.

Head to the HackignTeam website and you’ll read that they believe:

“…fighting crime should be easy: we provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities. Technology must empower, not hinder.”

Don’t worry, HackingTeam claims to be a first-class act and makes their services only available to governments that they don’t believe to facilitate gross human rights abuses. Never mind the fact that security researchers have found their software installed on goverment servers in Mexico, Colombia, Azerbaijan, Kazakhstan, Uzbekistan, Oman, Morocco, Sudan, Malaysia, Ethiopia, Saudi Arabia, United Arab Emirates and others. Countries that don’t exactly fly the flag high for human rights with transparent governments. HackingTeam claims to only sell their services to government agencies and never to individuals or corporations. They also say they don’t work with countries that have been blacklisted by the European Union, United States or NATO. 

More recently, HackingTeam’s work has been seen targeting the Ethiopian Satellite Television (ESAT). This is a group that was founded to promote free press, democracy, respect for human rights, and the rule of law in Ethiopia. The researchers will share more about this recent attack from HackingTeam in the coming weeks. The point? HackingTeam is targeting independent media, presumably for a governmental client that doesn’t agree with the work of ESAT.

Up above we mentioned that Windows Phone was a more recent platform for HackingTeam. Why? About a year ago their remote control system was called Da Vinci and it didn’t list Windows Phone (opens in new tab) as a potential platform for their clients. Today you’ll see their video (embedded above) list Windows Phone as a new target.

What changed in the past year? Windows Phone gained marketshare and by doing so became a target to hack. But our platform is fairly secure when compared to Android and iOS, how’s HackingTeam potentially doing this? The only way would be for them to have zero-day attack (undisclosed exploit) that elevates third-party code to execute as platform trusted code.

These claims from HackingTeam are either really terrifying or bogus. They’re a nightmare if true because it means an exploit exists on Windows Phone that Microsoft isn’t aware of. Plus, HackingTeam claims their Galileo services can capture data and send them back to the remote control system server encrypted and untraceable. Meaning if your Windows Phone has been targeted, there would be no way for you to know.

Again, these are claims being made by HackingTeam and could be completely bogus. If true, very scary. Thankfully Microsoft should be able to release a patch for all devices (even those infected) if the exploit is found. And that’s if it exists to begin with.

Be sure to watch speakers Claudio Guarnieri and Morgan Marquis-Boire speak about their research on HackingTeam if you’re interested to learn more details. Additional information on HackingTeam. 

Thanks to Justin Angel (@JustinAngel) for contributing and the tip!

Sam Sabri
Sam Sabri
114 Comments
  • The only thing worse than criminals are criminals who work for governments.
  • government themselves are d biggest criminal organisation.. legal terrorism
  • +1 however, dan/sam hire a proof reader for mobile nations. By know....by now..^^^ end of the first paragraph
  • This is what irks me about you "corrector's", you always make your bullshit fixes yet are not perfect in your own construction of language. Did you start your sentence with a capital letter? [the most basic rule of language] No you did not so please don't be a smart alec as nobody likes them.
  • ur own punctuations r wrong.. dis is cellphone language bear wid it or stop browsing
  • Yes they are. That was a clever trap hole placed by me to see which smart Alec would be bold enough to bring it up, but not brave enough to hazard a guess at what was actually wrong. As predicted you did not highlight the error so tell me, smarty pants, what "punctuation" is wrong?
  • more than 1 mistake found.. find it urself or go back to school
  • I have a degree in Linguistics and English Language, I know I only made one error.
  • besides having a degree u made one error dat also while pointing out someone else's errors... dat shows d degree is made by u urself
  • You are incorrect in what you think you know.  There are multiple errors. Three errors: ""corrector's", you" should be "correctors."  Multiple errors: "? [the most basic rule of language]" should be "(the most basic rule of language)?"  In addition, starting a sentence with a capital letter could hardly be considered the most basic rule of language. And some more: Comma after "No".  Period after "not."  Capitol "S" in "so" and a comma following.  And "them" at the end should be "one" since you are only referencing one smart alec.   That's what I caught.
  • I think "correctors" is the only mistake. You are splitting hairs with the other mistakes that you mention.
  • +1520
  • “New orders: Make sure everybody who doesn't want to live here is aboard in five minutes. We are leaving.
    -Captain Kevyn Andreyasn” 
    ― Howard Tayler, Schlock Mercenary: Resident Mad Scientist Seems fitting to the subject at hand.  "To the fortress of Solitude!" 
  • Agreed Daniel. Governments hang a clip an id badge on these people and its suddenly legitimate.  This behavior when done by the same guys in an apartment doing the same thing without an id badge end up prosecuted and locked up for 30 years.
     
  • +920
  • Hmm.... ESAT is independent and the only way to get real news out of a so called "Democratic Federation" that owns all the telecom and media based in the country and filters content much like they did during the Derg. I think its pretty clear who the hacker group is working for in that instance and human rights has nothing to do with it $$$.
  • But hey, at least the criminals are noticing Windows Phone now, compared 1 yr ago. No pain no gain. This will make MS to step up with the phone security too. Why not?
  • I agree...and there's no surefire way to stop them.
  • Daniel, you're the best.
  • I am glad someone finally call them criminals. The thing is those criminals don't hide. They even have a service running. They even anounce what they are going to do next. They probably have a legal office somewhere, get funds to do what they want.
  • I think its bogus..
  • Usually you follow that up with an argument of some sort...I'll be waiting over here.
  • http://imgfave.com/view/1750372 in his dream, he knows
  • Lol
  • off topic daniel, but have you gotten any tips on the store link to beats music yet?
  • Nope
  • Well, my argument for why it seems bogus is, why advertise that you can do this? That's like sneaking into a bank vault and then intentionally setting off the alarm. What's the benefit for them of telling everyone?
  • Because they're a legit company for hire? How else are they supposed to advertise "We're hackers...hire us as we'll hack...uhhh...stuff"?
    But don't take our word, Bing their name around, read for 5 minutes and tell me that they're bogus.
  • I don't agree with either of you but they don't need to advertise, they can reach out to governments direct.
  • I know my lot in life and advising mercenary hackers on business decisions is beyond my pay grade. If they feel they need to, not my place to tell them otherwise.
  • Lol your responses make the comments fun sometimes :)
  • Lol, I'm a bit of a smart-alec, so I've been told
  • My response was going to be similar to moc426 in that they would be better off reaching out to governments directly (this seems to be what the Chinese mercenary hacking groups NetTraveler and HiddenLynx have done with the Chinese government), but, I don't run a hacking firm or a government, so maybe I'm wrong about that. I just think that if I did run a mercenary hacking firm, I wouldn't post hubristic details about our feats online for our potential enemies to see and use against us. Either way, Microsoft better lock this OS down.
  • Ever read " Soldier of fortune"? I mean the magazine....
  • Criminals use flip phones. Say his name!
  • I see what did here!!!! :D
  • In Nokia Lumia case it's impossible. If it were possible numerous guys tring to root / unlock the phone would have a custom Windows Phone OS build out by now. Based on this alone I call this bogus. No app can gain admin rights in Nokia phone. No admin rights no root no unlock no control...
  • No unlock for HTC WP either.
  • You wrong, there is made a root for 1 single windows phone.. L920
  • Yes but there is no way to gain admin / root control via downloaded app only. Unless you have a source that claims otherwise I still call it bogus... SIDENOTE: There is always a possibility that Micrfosoft has left a backdoor for NSA, but I think that this would be known by now if it's really true...
  • Someone needs to do something about this. I think its time anonymous gets a new target.
  • What if hacking team is a front of anonymous...
  • Anonymous doesn't work for the government. They work against it.
  • What if anonymous is a front for the NWO, lead by Kevin Nash, X-Pac and Dennis Rodman
  • Now what if one of the said members went rogue and made an app that could be sideloaded for dev-unlocked devices to be either Inter-Op'd or have 100% access to everything?
  • Cannot Be made by a app, cuz windows not has open api
  • "Don’t worry, HackingTeam claims to be a first-class act and makes their services only available to governments that they don’t believe to facilitate gross human rights abuses." Yet the USA or UK aren't blacklisted? Hmm.
  • No government is perfect, but some are definitely higher up on the list of human rights abuse than others. 
  • If you rule, you decide who is abusing human rights.
  • Well. Some qbuse just their own countries rights. Others abuse ot worldwide
  • Buy a bunch of 520's as burners. Done.
  • Lmao
  • Seriously? You guys decide to run this rather than the ATIV Odyssey being InteropUnlocked making it available on all Samsung Windows Phones? I know its a minority device, but c'mon! I didn't have to go completely out my way to purchase one of these, just to get the app-id everyone on it to be left out! I mean its almost the devices one year anniversary!
  • We'll get to that but I'll be honest, the whole interop scene is really a non-story. After the lack of success on wp7 of the projects and the dismal reactions we get to those articles, sadly WP is just not a hacker friendly platform in the sense that many people are looking to do it.
    That and it was overlooked in our tip queue, so look for something today on it. Sorry!
  • True, the only current benefit to obtaining Interop is getting three tiles (which is kinda overkill on the tiny thing) or enabling fm when its been disabled. I also still thing its good for pointing out to MS that "Hey I've got an exploit here" and the OEM to realize that they shipped somthing that shouldn't be public anyways. I didn't mean to be rude, sorry just spur of the moment annoyance.
    Anyways, the only way that you would know if your device was hacked is by checking your routers logs...
  • No worries, I understand you guys work hard on that stuff and you want coverage, that's fair and I appreciate the work. Always feel free to poke us, as truth be told I was out of town and some things get lost in the shuffle.
  • Well it hard enough getting xda to publish stuff we do and not have it disappear being page 2 on their news. Thanks and hope your time away wasn't too terrible. :)
  • Sounds more like a marketing gimmick to me. Lol
  • On the wp7 front, I've been following the WP7 HaRET thread on XDA. Looks like they've all but finished it, and are dragging their feet with an app-interface for it. Of course it's not very useful on its own, since without drivers it's really just a proof of concept, but hey, I'd call that worthy of a story (when it gets released). Though I imagine 90% of the WP reader base will misunderstand "proof of concept"...
  • Pretty good marketing language i'd say.
  • Who's the creep in the video?
  • [comment about "creepy" removed]
  • I named my empty 520 "main phone with all personal info" and called my packed 1020 "shit phone with nothing on but a picture of my dong" now I'm no genius, but I'm pretty sure im safe :D
  • lol :) +920
  • How do I know the stories are the best group of intelligence in the world is and was the Order of Jesuits, righteous roles militia troops and intelligence for the Vatican. It's a curiosity of the dark history cards.
  • I wouldn't be all that surprised if there were a few zero-days out there (as in more than one). You jailbreak an iPhone, root an Android device and interop unlock a Windows Phone by taking advantage of some kind of unpatched exploit. Finding and patching zero-days and other exploits is a never ending game of cat and mouse. A good developer or software company knows this will make every effort to write code that is as secure as possible, but even then its only a matter of time if someone is willing to attempt to brute force your code.
  • So, from now all my data on my phone is available for not small amount of people? Great...
  • To these guys I say, "prove it". You won't show me how, but show me what you can do. This is all marketing, so access and real access can be two very different things.
  • Well, giving full access to both pc and phone via apps like PC remote apps or password depot's which save "things" on "safe" servers...
  • Knowing what I know on WP I would be very surprised if this is not bogus or at least valid under very specific and virtually non existant circumstances (like people walking around with fully unlocked phones).
  • Those are quite some countries that you put into the "sounds evil" pot - pretty sad sweeping assumptions.
  • Yeah, what the hell does México and Colombia doing in that list?
  • Colombia had a high call interception for non goverment associations and senators, just like the NSA did.
  • Oh, so that makes them totally human rights violators /s
  • The issue here is there are several barriers to this... One they have to get code onto a phone, which could be in two ways: app in store with buried hack, IE or mail exploit or similar or some other OS breach. Next you have the issue that the OS only runs signed apps, and so how do you get something on there to run? Kind of points to the app itself being the entry point as that way it is signed. So somehow they have breached the app sandbox to permit it to do more interesting things, potentially which running as a background app. If this is the case it should be easy to vet apps until that hole is fixed. Will be interesting to see what they really have if anything. .
  • It only runs signed apps but at what level is the signing checked?  If you can execute code at the OS layer then the checks applied to app running won't matter, you're essentially inlining code into an already running process.  There should be no doubt that they have found something - the WP code has no vetting outside of MS.  We've been seeing a nonstop flow of exploitable code for nearly 20 years now even in highly peer-reviewed projects.
  • Why was the USA not mentioned as one of those countries igoring its citizens rights. Any violation of our privacy is unacceptable and a violation of our freedom! No matter how clever these guys are,what they are doing is criminal.
  • Paah just Internet hacker wannabes' wanting free publicity. Governments have there own agencies to do this stuff. But then again I can see why Governments and Businesses would prefer to use an un vetted loud group of bedroom warriors who like to proclaim on how good they are at doing all sorts of cool highly illegal stuff at every opportunity.
  • What about disgruntled ex-employees...
  • Do I care if somebody sees what I say on facebook, or what sort of p0rn0graphy I watch online? Nope. Can I be assured that they only scan for "keywords" in the data, for prevention and early detection of potential criminal behaviour? Probably not. Do I care if somebody sees the username and password I use for online services (especially internet banking)? Yes! Conclusion: Do I trust people's discretion when they go through my internet data? No.
  • +920
  • Person of Interest
  • I love that program. But Harold Finch's and John Reese's discretion makes them trustable. If I didn't know them, I wouldn't trust them.
  • Great show. Great writing, acting, and production.
  • There really doesn't need to be an exploit within WP itself to get at any of the data they claim they can get at.
  • Way to turn an article teasing a windows phone hack into more news that describes our impending destruction! Lol I didn't know about that firm though. They say they are using tech to empower but fail to mention it's only for the already powerful (psychopathic) to "hinder" the freedoms of the less powerful. Thanks
  • First of all, there is no proof, second, they say just "Windows Phone", it could be just WP7, that can be completely jailbroken.
  • generally speaking, I consider everything that's connected to the internet unsafe - if You really care about something, burn it on a DVD and lock it away
  • Except DVDs deteriorate much faster than they originally thought...just sayin'
  • really? On what time scale? like shorter than an average life time? Who cares about my data anyway in the future? ;)
  • It's _much_ quicker than you would expect, like as short as a few years in some cases.  To grossly summarize the cause, air trapped in the layer between the metallic film and the plastic causes the metallic film to tarnish.  
  • I had no idea, nothing is permanent, right..
  • If all the logs created are uploaded to skydrive and sent to our emails too. Maybe we can find out if we are getting hacked. Maybe they are using the Mobile Network to access our phones. In that case we have to change our entire calling system.   Many people are still using non smartphones are they hacked too? I dont think criminals use their regular phones for crimes. They would instead use cheap phones with fake registered sims. If i was to hit a plane in a building, i would not skype usama bin laden. I would use a stolen phone.
  • Hmmm, that's got me convinced...........NOT!
  • Criminals may not use smartphone, they probably use old gsm-only phone, in those cases other medium are used to intercept them (like Echelon....). I'm not surprised at all. And btw, i saw the speech by Morgan Marquis-Boire, he work for Google ($$$)....just saying...he's not richard stallman....  
  • For all we know, they're using a backdoor that the NSA has forced all tech companies to include in their Operating Systems. So instead of having to do fancy hacking, they just enter in a secret code given to them by the NSA.
  • Damn these Italians with their mafias!
  • The government can read my texts all they want, I don't give a shizzle.
  • Are you serious? The United Arab Emirates doesn't care about human rights? I don't know if you ignorant people have ever visited this country but it welcomes all people (only 20% of the population are Emirati) and respects everyone.
  • Except  woman who report sexual assualts. 
  • These guys are suggesting they've got access to all these phones - they mention blackberry - i didn't think BES could be cracked? Ok, sure, it is rather naive to think something cant be "hacked", or whatever term one wants to use - either way this is getting ridiculous! And give the speech just given, re information gathering et al, this company may just be trying to get in early on all the new govt contracts that will probably pop up - seeing as mass retention and surveillance is going to be popped onto someone else's plate. Where will this all end?
  • Which T-Mobile device is that in the picture? The edges are too flat to be a 925. It looks more like a 929 but I don't see the two stripes that are supposed to be next to the battery connector.  Looks pretty neat.
  • It is a 925. The corner is croppped so you cant see the band. I tlooks slightly square but I think that's just the reflection. The bottom looks flat bit the right edge is bevelled.
  • +920
  • Funny how the article mentions all those countries but somehow forgets to include the US. I guess it's because the US government has such an immaculate reputation for ethics and respect for human rights in regards to communications that it's not even worth mentioning.
  • "The only way would be for them to have zero-day attack (undisclosed exploit) that elevates third-party code to execute as platform trusted code."   I was just about to say that.
  • Is it possible to share the wallpaper used on the phone, please?
  • take screenshot (win+pwr) or Nokia beamer the phone to a pc and take screenshot
  • This is nonsense. As if organised criminals are going to talk on a phone registered to them and a use a device that can run such software. This is just governments spying, plain & simple.
  • Ever wonder why more and more phones can't have there batteries removed?
  • Leave your phone on an amplifier, it will chirp every 29 mins to update cell tower, if it goes off any more and the phone didn't ring/txt/email/etc or it gives steady buzzing then your being listened to/watched. Turning phones off wont fully turn the phone off, only pulling the battery does. To be safer pull sim too. Using Nokia Beamer near an amp will give the same effect
  • 1. Make outrageous claims. 2. Outrage ensues, free publicity follows. 3. Profit.
  • Bro I wanted a game called war2 commander to be hacked please have a look on that game and reply me @ rohancute4@gmail.com
  • windows phone is great phone espact andriod phone .the funtionality of windows phone is better than andriod phones. the touch is flexible and soft. very easy to use and user friendly operating system. its is good for ebooks reading.