HackingTeam is an Italian company focused on offering offensive solutions for cyber investigations. In a recent conference, they revealed that they have found a way to actively monitor mobile devices running leading smartphone platforms. The list includes iOS, Android, BB10 and Windows Phone devices. HackingTeam’s solution Remote Control System (RCS) is designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable. Remote Control System is invisible to the user, evades antivirus and firewalls, and doesn’t affect the devices’ performance or battery life.
They revealed that “active monitoring” on Windows Phone devices was done using a OS Zero day vulnerability in Windows Phone OS allowing 3rd party code to execute as trusted app. Law officials can essentially get access to your photos, audio, email, sms, etc, on Windows Phone too. The only good news is that HackingTeam provides their software only to governments or government agencies and they do not sell products to individuals or private businesses.
We will reach out to Microsoft for their comments on this vulnerability in Windows Phone OS.
Thanks to Justin Angel for the heads up!