If you were one of an untold number of people who received a particular iTunes update, it will likely have planted a Trojan backdoor on your computer or smartphone (primarily iPhone or Blackberry) which allows government and law enforcement agencies access to your personal data. Let us be quick to add that this is a fake iTunes update. The malware (or “commercial software” depending on which side of this you are on) is sold primarily by three companies: Gamma FinFisher, Vupen Security, and HackingTeam. Gamma’s FinFisher product is from the UK, Vupen Security is out of France, and HackingTeam is in Italy, however all of the companies sell their software around the world.
First brought to public awareness a few days ago by Wikileaks founder Julian Assange, the revelation has been taken by some with a grain of salt because of the source. However, independent sources, including the Wall Street Journal, have confirmed the information.
While the companies such as Gamma FinFisher, Vupen and HackingTeam claim to only sell their software to legitimate government agencies and law enforcement departments, the methods that they use to get their software onto your system are anything but orthodox.
Gamma openly admits that their FinFisher software gets installed on target devices by, and we quote, “sending fake software updates for popular software.” By way of example, Gamma cites an instance where their FinFisher was used deployed an intelligence agency by tricking Blackberry users into downloading the FinFisher software, which the intelligence agency then used to “monitor all communications, including [texts], email and BlackBerry Messenger.”
In another example, says Gamma, FinFisher was deployed by intelligence agents “within the main Internet service provider of their country” and installed on people’s computers by “covertly injecting” FinFisher code on websites that people then visited.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Gamma FinFisher is marketed as being able to be used on all devices by Apple, Microsoft and Blackberry.
So far Microsoft and Research in Motion (who manufactures the Blackberry) have declined to comment on the matter.
Apple, however, has issued a statement, saying that Apple works hard “to find and fix any issues that could compromise systems” and in fact Apple released an iTunes update a few weeks ago intended to thwart such actions on the part of software like FinFisher, which is essentially a “man in the middle attack”.
This is of particular note because FinFisher is known to be installed on computers via a fake iTunes update.
[ Get the iTunes update to thwart FinFisher here. ]
It is worth noting here that at least one security researcher noted the security hole that allows this – and warned Apple about it – more than 3 years ago, and people are asking why Apple left it open (particularly when they are known to close security holes within weeks, not years) until it came to more public hue and cry now.
A statement released by Wikileaks claims that “Surveillance companies like SS8 in the U.S., Hacking Team in Italy and Vupen in France manufacture viruses (Trojans) that hijack individual computers and phones (including iPhones, Blackberries and Androids), take over the device, record its every use, movement, and even the sights and sounds of the room it is in. Other companies like Phoenexia in the Czech Republic collaborate with the military to create speech analysis tools. They identify individuals by gender, age and stress levels and track them based on ‘voiceprints’. Blue Coat in the U.S. and Ipoque in Germany sell tools to governments in countries like China and Iran to prevent dissidents from organizing online.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
