The FBI has been known to use malware to spy on suspects via their computers but mobile phones make even better sources of information.
Just think about it: the great majority of people carries their mobile phones everywhere with them, and surreptitiously turning on the device’s microphone can result in crucial information being gathered.
Former US officials have revealed that the FBI has been using mobile malware to compromise suspects’ Android-based phones to record conversations happening in the presence of the device and to exfiltrate data from it that might offer more insight into the suspects’ potential criminal activities.
According to the WSJ, a permission to do that is more easily secured from a court that that for listening into the suspects’ communications made via the device.
It’s interesting to note that this approach is used in organized crime, child pornography or counterterrorism cases, and rarely – or possibly never – to target hackers.
The thing is that in order to install such spyware on the device, there has to be some user interaction. The target must follow a web link or a link delivered to him via email in order to land on a website that will exploit a vulnerability in his software to make the malware download on the device – and hackers are more likely to detect the attempt, look into it and publicize it.
A former official in FBI’s cyber division claims that the Bureau creates some of the hacking tools internally, and buys additional ones as well as exploits for zero-day vulnerabilities from private companies such as HackingTeam SRL and Gamma International, both of whom were recently dubbed “corporate enemies of the Internet” by Reporters Without Borders for selling products that are liable to be (and have been) used by governments to violate human rights and freedom of information.