Flash before your eyes: Hacking technology for law enforcement revealed
RCS Lab is an Italian surveillance contractor with one very scary product. Their website boasts an “impressive installation record in several countries,” but a recent video of a secret product demonstration makes that phrase significantly more ominous.
The video shows a presumed RCS employee explaining to a potential buyer how their program, Mito3, works. Mito3 can work on any website and in any browser. All the agent has to do is click on a dropdown menu and select “inject HTML.”
This causes a popup disguised as an Adobe Flash update installer to appear. If the user clicks update, as many tend to do absentmindedly, the user is then infected with spyware.
Exiting the installation won’t save the user either.
“Because in reality, at this point, he’s already infected,” the RCS employee explains in the video. He likened the installation process to a movie, meant to aid the illusion.
As Motherboard pointed out, hiding malware in fake Flash updates has been done in the past. However, a confidential brochure obtained by Motherboard shows that the extent of the spyware breaks new ground in invasions of privacy.
Once Mito3 has infected a computer, the agent can do anything from listening to phone calls on mobile platforms and reading text messages to peeping in on video calls and even following social media activity.
The concern here is less about digital peeping Toms, because the price for this kind of software is prohibitive to many people. Rather, it is more about governments and law enforcement agencies potentially using it not only to track a target, but to track a target through almost every aspect of their life as it relates to cellphones or computers.
Governments around the world have been cozying up to spyware developers and hackers. For example, when Apple refused to develop a backdoor for the San Bernardino shooter’s password-protected iPhone, the US government turned it over to an Israeli company that was able to develop a method for breaking into the phone. While that may not sound bad, unfortunately that method could potentially work for any iPhone.
In late August, a surveillance company called NSO Group developed malware that was able to take complete control over an iPhone by using three flaws in the operating system that were previously unknown. The Israeli outfit issued a statement clarifying they only sell to “authorized governments.” What that means remains to be seen.