Remote Control System (RCS) is a suite from the Italian company Hacking Team that provides all the functionality a governmental interception program needs. RCS, like software such as FinFisher, appears to provide a scalable, OS-wide spyware infrastructure.
The RCS Galileo commercial also claims that it can do some truly amazing things. Take a look at the commercial that follows.
According to it, RCS is able to:
- Defeat encryption (by collecting data on the device itself, before it is encrypted).
- Gather information that is never transmitted over the Internet.
- Monitor targets outside the controllable domain.
- Spy via webcam and microphone.
- Get information about browsed web pages, exchanged documents, exchanged SMS, etc.
- Run on… yeah… nearly every platform, maybe excluding Plan9 and a few others 🙂
- Geolocate the target and spy on all common Internet applications.
- Remain untraceable by antimalware software or other security appliances.
- Hide its collection infrastructure: a network that works like Tor (a chain of anonymizing proxies) hides the data-gathering process, so it is really difficult to know which government is tracing you.
- Control, from a single point, hundreds of thousands of infected targets (Whoa! So many terrorists in one country… we are doomed!).
- Be sold only to governments.
So this software infrastructure appears to be quite powerful and creepy. A recent study from CitizenLab (READ THE ARTICLE) traced RCS spyware worldwide, including in countries well known for their repressive regimes, while Hacking Team denies any contract or collaboration with repressive governments.
But there is another point to analyze. RCS hits the target by phishing or by exploiting vulnerabilities in the OS. This is a common attack method for general-purpose platforms like desktop computers, and also for Android devices, which can install software from untrusted sources without any problem. But what about sandboxed systems like iOS and Windows Phone?
They assert they can crack these platforms, but if we consider Windows Phone (which I know better) it is clear that it is impossible to install software from repositories other than the Windows App Store*, and it is also clear that any unauthorized modification of the boot chain or kernel image will cause Secure Boot to fail (a runtime kernel exploit is not caught by Secure Boot by itself, but to survive a reboot it would have to avoid touching anything that is verified at boot). It is also known that Chambers and Capabilities sandbox the system tightly enough to make data theft considerably harder.
So, how is it possible to be infected by spyware on Windows Phone/iOS devices? I think there are a few cases:
- The spyware is hidden in an app in the official app store. This is bad, because it means that Microsoft's/Apple's app review is not strong enough to prevent malware from infiltrating the official store.
- Hacking Team is exploiting some serious vulnerabilities in Windows Phone/iOS devices and breaking their Trusted Computing protections.
- Only some of the tracing capabilities are possible on these devices, and not every point in the commercial.
- Microsoft/Apple and the others know about Hacking Team and similar companies and bend to government requests… the kind of thing the Snowden files describe.
The first two cases are possible, but they would expose weak security in these products; the third scenario may tell us that RCS is not as exceptional as they claim; the last scenario is the worst, because it hypothesizes collusion between governments and software/hardware vendors to fill the market with insecure, exploitable devices.
The problem with RCS and similar software infrastructures is not the spyware capabilities themselves, which are claimed to be used by legitimate governments to prevent terrorism and give us a quiet life, but the fact that it is built to perform large-scale, untraceable surveillance.
To trace a terrorist you do not need to infect and eavesdrop on hundreds of thousands of targets, logging data and activity without leaving any trace of the country from which the attack is performed.
Such a scalable attack looks more like the requirements of a surveillance state than those of anti-terrorism intelligence.
A government should never spy on its citizens, but sometimes these techniques are useful to combat crime. I only hope that these surveillance infrastructures will be used for the safety of the population and not to control it.
(*) Unless you have a Company account or a developer account, but even then you can only install Company applications or applications you compiled yourself.