Advanced spyware has recently been discovered by researchers at Symantec and Kaspersky Lab. This spyware, called Remsec, has been active as far back as October 2011. Remsec is highly sophisticated and uses stealth techniques and encryption to avoid detection, something it clearly does very well. Once deployed, Remsec opens a backdoor into the infected system, monitors network traffic, logs keystrokes, and has the ability to steal files. It also allows custom modules to be deployed on the infected system.
Researchers have suggested that Remsec might be the work of a nation state due to its sophistication, and have found IP addresses within the U.S. that may have a connection to it. The targets discovered so far are in countries such as China, Russia, and Iran, among others. According to researchers at Symantec, none of the currently known infections appear to be normal targets for an APT like this one, which raises a lot of questions about who might be behind it and what their goal is.
An amendment to Rule 41 would allow the FBI to obtain a warrant to hack multiple computers from any court, rather than only from a court with jurisdiction over the target’s location. All the FBI would have to do in order to get the warrant would be to show that the target is obscuring their location.
Therefore, the FBI would theoretically only need one warrant from anywhere in America to hack multiple computers all over the world. This is scary to think about. Tor users should be aware of this.
Some people seem less worried, pointing out that the FBI would still need probable cause. They also point to the logic that it is hard to get a warrant to hack a computer if you cannot determine the computer’s location.
This will go into effect starting December 1st unless Congress blocks it.
Apple’s head of security engineering and architecture, Ivan Krstic, announced that Apple is ready to open up its vulnerability reporting process to researchers. They are launching a bug bounty program that offers rewards for zero-day vulnerabilities that allow malicious code exploits.
This idea came about after an incident involving an activist in the United Arab Emirates, Ahmed Mansoor, in which three zero-days were discovered with the ability to spy on his messaging and calls. This incident caused Apple to realize that hackers had shifted their focus from desktops and laptops to mobile phones.
The iOS exploit used to target Mansoor was a three-pronged approach that started with a very believable phishing message; when the link was clicked, it downloaded two kernel exploits to the device. Now that the malware has been exposed, Citizen Lab has determined that the exploit was the work of an Israel-based surveillance software developer, NSO. Lookout estimates that the exploit has been available for purchase for approximately two years.
Now that the NSO group has been made public and the zero-days have been patched, there are ways to scan whether your devices have been compromised, and Apple is pushing harder than ever before to find its own vulnerabilities.
Apple zero-days mark a new era of mobile hacking