A ‘hacking campaign’ against Android phones, explained

/in


Amnesty International revealed this week that its Security Lab has uncovered a “sophisticated hacking campaign by a mercenary spyware company.” They say it has been running “since at least 2020” and takes aim at Android smartphones with a number of “zero-day” security vulnerabilities. (A “zero day” vulnerability is an exploit that is previously undiscovered and unmitigated.) 

Amnesty International disclosed the details of the campaign to Google’s Threat Analysis Group, so it—as well as other affected companies, including Samsung—have since been able to release the necessary security patches for their devices. 

Amnesty International’s Security Lab is responsible for monitoring and investigating companies and governments that employ cyber-surveillance technologies to threaten human rights defenders, journalists, and civil society. It was instrumental in uncovering the extent to which NSO Group’s Pegasus Spyware was used by governments around the world

While the Security Lab continues to investigate this latest spyware campaign, Amnesty International is not revealing the company it has implicated (though Google suggests it’s Variston, a group it discovered in 2022). Either way, Amnesty International claims that the attack has “all the hallmarks of an advanced spyware campaign developed by a commercial cyber-surveillance company and sold to governments hackers to carry out targeted spyware attacks.”

As part of the spyware campaign, Google’s Threat Analysis Group discovered that Samsung users in the United Arab Emirates were being targeted with one-time links sent over SMS. If they opened the link in the default Samsung Internet Browser, a “fully featured Android spyware suite” that was capable of decrypting and capturing data from various chat services and browser applications would get installed on their phone. 

The exploit relied on a chain of multiple zero-day and discovered but unpatched vulnerabilities, which reflects badly on Samsung. A fix was released for one of the unpatched vulnerabilities in January 2022 and for the other in August 2022. Google contends that if Samsung had released the security updates,…

Source…