A new report by Lookout, a cybersecurity company, has generated renewed
interest in the security, or lack thereof, of WeChat and QQ
(https://blog.lookout.com/xrat-mobile-threat). Despite this, the revelation has
so far received limited attention.
It has long been known that, because WeChat keeps its servers inside China,
because privacy data enjoys little legal protection there, and because the
police exert control over companies, WeChat data is not safe and can, absent
other protection, be accessed by police or other state actors more or less at
will. This has naturally made people shy away from using WeChat for any serious
or political discussion. A growing number of court cases in which people have
been prosecuted solely on the basis of private chat messages to friends have
further illustrated this. At the time of the Occupy Central movement in Hong
Kong, it was also shown that a ‘Trojan’ (malware disguised as a legitimate file
or app) was being used to surveil users remotely.
xRAT. That is the name of the new discovery. Like the malware found earlier, it
is a ‘Trojan’, meaning it masks itself as something else, for example a PDF
file, and you may be unaware that it is on your phone. It specifically targets
you through your WeChat or QQ account.
So what’s the big deal?
The ‘Trojan’ operates with administrator (root) privileges. That means it can
access and control any and all aspects of your phone, and that it can do so
without you noticing. In effect, it has remote ‘full control’. If you want to
understand what that means, it is this: it has as much access to your phone as
if you handed the phone to someone and then told them your PIN code. Full
control.
This means that not only your WeChat or QQ use is exposed. Your whole phone is
exposed: stored photos, downloads, documents, any apps for other services you
have installed, chat logs, phone records, contact lists, and of course your
browser and its entire browsing history, which may include credit card details
and login credentials for other services, for example the encrypted email you
use.
In short, any phone that has WeChat on it and is also used to access work email
or secure chat programs like Telegram or Signal can now be in the hands of
Chinese police or state security. For the community of supporters of human
rights in China this moves the situation from bad to terrible. If you
communicate with human rights defenders in China through secure apps or email
on a phone that also has WeChat or QQ installed, you may now inadvertently be
handing the Chinese police material that will incriminate those human rights
defenders and land them in prison. End-to-end encryption protects a message in
transit; it does nothing for a message on a device the attacker already
controls.
To make matters worse, administrator privilege means your microphone can be
turned on and whatever it hears streamed to the Chinese police. The same goes
for the camera, for both video and still images. It is a most sophisticated
spying tool with far-reaching consequences. It can, it goes without saying,
read your location as well as the identifying metadata of your phone.
If that were not enough, there is one last thing that makes it such a
sophisticated piece of malware. It can self-destruct. When doing so, it not
only deletes itself from your phone but also wipes much of your phone’s log
data, making it hard even for technically skilled people to establish that the
malware was ever there. In short, you might never know whether your phone, and
your use of it, is the reason someone has landed in prison.
A number of command-and-control servers in China have been identified to which
such data and traffic is sent. The code leaves little doubt that this ‘Trojan’
comes from the same people behind the earlier ‘Trojan’ targeting Occupy Central
participants in Hong Kong, only much more sophisticated.
Should I worry? What to do?
First off, it is still not fully understood how the infection reaches your
phone. At the same time, there is little reason to think resources would be
spent developing such a tool and then not using it. An earlier, much less
sophisticated version was used extensively during the Occupy Central movement.
Why would the police and state security organs not use a tool that has already
been developed and is this powerful? It should go without saying that you need
to operate as if it is being used widely, and as if you were a target.
Most people with risk awareness will already have made sure not to use WeChat
or QQ, or, if they felt a strong need to have it, to install it on a second
phone that is not used for anything else. If you need WeChat, as many
unfortunately feel they do, at the very least install it on a blank,
factory-reset second phone, such as a very cheap Android phone, and keep
nothing else on it: no work email, no secure messaging apps, no contacts you
need to protect. Because the microphone can be controlled remotely, make sure
never to have it in your office or at any discussions.
Secondly, if your current phone is infected, it will not be made secure simply
by uninstalling WeChat and QQ. You will have no choice but to do a factory
reset. This may be an inconvenience, but it is the only way. It goes without
saying that any existing PIN codes, passwords for work email, and so on will
need to be changed after you have done the factory reset, and changed from a
device you trust rather than from the one that was compromised.
From:
https://m.letscorp.net/archives/123079?from=groupmessage&isappinstalled=0
(This article is reprinted from other source. Its contents, analysis and
conclusions may not reflect those as supported or advocated by AVA)