How should one respond to the explosive new spyware targeting WeChat and QQ?

18 September 2017, 12:51

Source: China Change


After examining the security (or lack of it) of WeChat and QQ, the cybersecurity firm Lookout recently published a new report (https://blog.lookout.com/xrat-mobile-threat). Although its findings are alarming, they have attracted little attention.

WeChat's servers are in mainland China, where private data has no legal protection and companies are under the control of the public security organs, so WeChat data is not secure: it can be monitored and read by the police or other government departments at any time. This has long been common knowledge, which is why many people no longer use WeChat for political or otherwise serious discussions. A growing number of court cases in which someone is prosecuted purely on the basis of private chats with friends confirm that WeChat is not safe. At the same time, during the Occupy Central movement in Hong Kong, a 'Trojan' was used to surveil users remotely.

The newly discovered malware is called xRAT. Like the malware found earlier, it is a Trojan, meaning it disguises itself as something else, for example a PDF document; if it is already on your phone, you have no way of knowing. It targets you through your WeChat or QQ account.

What is the threat?

The Trojan runs with administrator privileges, which means it can access and control every part of the phone, and do so without your knowledge. In effect it gives an attacker remote 'full control' of the device. Put simply, it has the same access as if you handed your phone to someone and told them your passcode: they can do whatever they like.


That means it is not only your WeChat and QQ messages that are exposed but everything on the phone: stored photos, downloads, documents, installed apps and services, chat logs, call history, contacts and, of course, your browser and its entire history, which may include credit card numbers, passwords and logins for any other service, such as the encrypted email you use.

In other words, any phone that has WeChat installed and is also used to log in to email or to secure messengers such as Telegram or Signal may well already be in the hands of the police or state security. For the community of supporters of human rights in China this goes from bad to worse: if you use a phone with WeChat or QQ installed to communicate with Chinese rights defenders over secure apps or email, you may unwittingly be handing the police the material that sends those human rights defenders to prison.

Worse still, administrator privileges mean the microphone can be switched on and whatever it picks up streamed to the Chinese police listening in. The same goes for the camera and video camera. It is a highly sophisticated spying tool with far-reaching consequences, and it goes without saying that it can also read your location and your phone's metadata.

If that were not enough, there is one more thing that makes it so advanced: it can self-destruct. When it does, it not only removes itself from the phone but also wipes as much of the phone's log data as it can, so that even technically skilled people cannot tell the malware was ever there. You may therefore never know that your phone, and the way you used it, was the reason other rights defenders ended up in prison.

Several control centres in mainland China to which this data flows have been identified, and there is little doubt that this Trojan comes from the same people behind the earlier attack on Hong Kong's Occupy Central protesters, only this time it is far more advanced.

Should I worry? What should I do?

First, it is not yet well understood how the malware gets onto a phone. At the same time, having developed such an advanced tool, they are hardly going to leave it unused. An earlier, simpler version was used widely against the Occupy Central movement. Why would the police and state security organs not use a tool this powerful that they have already built? You should therefore assume, almost without question, that it is already in wide use and that you are a target.

Many risk-aware people have already stopped using WeChat and QQ, or, if they really must use them, keep them on a separate phone used for nothing else. If, like unfortunately many others, you use WeChat, at least install it on a factory-reset spare phone, such as a very cheap Android device. To guard against remote control of the microphone, never bring that spare phone (the one with WeChat on it) into the office or to any conversation.

Second, if your current phone is infected, merely uninstalling WeChat or QQ will not fix it; you have no choice but to do a factory reset. It may be inconvenient, but it is the only way. And, of course, the passwords to work email and so on that were used before must all be changed after the factory reset.

——————————————————————————

What to Make of the Explosive New WeChat and QQ Spying Revelations?

A new report by Lookout, a cybersecurity company, has generated renewed interest in the security, or lack thereof, of WeChat and QQ (https://blog.lookout.com/xrat-mobile-threat). Despite this, there has been limited attention paid to this explosive new revelation.

It has long been known that, because WeChat keeps its servers inside China, because privacy data lacks legal protection there, and because the police exert control over companies, WeChat data is not safe and can be accessed by police or other state actors more or less at will. This has naturally made people shy away from using WeChat for any more serious or political discussions. More and more court cases of people being prosecuted simply on the basis of private chat messages to friends further illustrate this. At the same time, during the Occupy Central movement in Hong Kong, it was shown that a 'Trojan' was being employed to surveil users remotely.

xRAT. That's the name of the new discovery. Like the earlier malware found, it's a 'Trojan', meaning it masks itself as something else, for example a PDF file, so you would not know whether it is already on your phone. It specifically targets you through your WeChat or QQ account.
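The paragraph above (and its Chinese rendering earlier on the page) describes the Trojan masquerading as a PDF. What follows is an added example, not code from the article or from Lookout's report: a small Python check that classifies a download by its leading bytes rather than by its file name, so that a file called something.pdf which is really an Android package (a ZIP archive carrying AndroidManifest.xml or classes.dex) is flagged before anyone taps it. The sample files, the zip_local_entry helper and the function names are constructed here for illustration; nothing in it is specific to xRAT.

```python
import struct
import zlib

# Well-known file signatures (from the PDF, ZIP and DEX format specifications).
PDF_MAGIC = b"%PDF-"        # every PDF begins "%PDF-<version>"
ZIP_MAGIC = b"PK\x03\x04"   # ZIP local-file header; an APK is a ZIP archive
DEX_MAGIC = b"dex\n"        # Dalvik executable (classes.dex) inside an APK

# Extensions we are willing to judge; anything else is reported as "unknown".
KNOWN_EXTENSIONS = {"pdf", "zip", "apk"}


def sniff_type(data: bytes) -> str:
    """Derive a type from content alone, ignoring whatever the name claims."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(ZIP_MAGIC):
        # Entry names sit in the local headers and central directory of a real
        # archive, so a plain substring search finds them in raw APK bytes.
        if b"AndroidManifest.xml" in data or b"classes.dex" in data:
            return "apk"
        return "zip"
    return "unknown"


def claimed_type(name: str) -> str:
    """Type the file name claims, lower-cased; '' when there is no extension."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_download(name: str, data: bytes) -> dict:
    """Compare what the name says with what the bytes say.

    mismatch is True only when the claimed extension is one we know how to
    verify and the content says something different (e.g. .pdf that is an APK).
    """
    claimed = claimed_type(name)
    actual = sniff_type(data)
    mismatch = claimed in KNOWN_EXTENSIONS and actual != claimed
    return {"name": name, "claimed": claimed, "actual": actual, "mismatch": mismatch}


def suspicious_downloads(files: dict) -> list:
    """Names of files whose content contradicts their extension."""
    return [n for n, d in files.items() if check_download(n, d)["mismatch"]]


# --- constructed sample data (hypothetical; not real malware) ---------------

def zip_local_entry(filename: bytes, payload: bytes) -> bytes:
    """Build one stored (uncompressed) ZIP local-file entry, enough to mimic
    the start of an APK for this demonstration. 30-byte header + name + data."""
    header = struct.pack(
        "<4sHHHHHIIIHH",
        ZIP_MAGIC,            # signature
        20, 0, 0,             # version needed, flags, compression = stored
        0, 0,                 # mod time, mod date
        zlib.crc32(payload) & 0xFFFFFFFF,
        len(payload), len(payload),
        len(filename), 0,     # name length, extra length
    )
    return header + filename + payload


SAMPLES = {
    # a genuine PDF
    "report.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    # an Android package handed over under a PDF name
    "Report.PDF": zip_local_entry(b"AndroidManifest.xml", b"\x03\x00\x08\x00")
                  + zip_local_entry(b"classes.dex", DEX_MAGIC + b"035\x00"),
    # an ordinary archive
    "archive.zip": zip_local_entry(b"readme.txt", b"hello"),
    # an APK that says it is an APK
    "tool.apk": zip_local_entry(b"classes.dex", DEX_MAGIC + b"035\x00"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(check_download(name, data))
    print("suspicious:", suspicious_downloads(SAMPLES))
```

The check generalises beyond PDF-versus-APK by adding further signatures to sniff_type and extensions to KNOWN_EXTENSIONS; the point is that the decision is made on content, never on the name an attacker chose.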

So what』s the big deal?

The 'Trojan' operates with administrator privileges. It means it can access and control any and all aspects of your phone. It also means it can do so without you noticing. In fact, it can remotely get 'full control'. If you want to understand what this means, it is this: it has as much access to your phone as if you were to hand it to someone and then tell them your PIN code. Full control.

This means that not only your WeChat or QQ use is exposed. All of your phone is exposed. Photos stored, downloads, documents, any apps for other services installed, chat logs, phone records, contact lists, and of course your browser and its entire browsing history, which may include credit card, password and login information for other services, for example the encrypted email you use.

In short, any phone that has WeChat on it, and is also used to access work emails, or secure chat programs like Telegram or Signal, can now be in the hands of Chinese police or state security. For the community of supporters of human rights in China it moves from bad to terrible. You can now, if you communicate with human rights defenders in China through secure Apps or emailing on a phone that has WeChat or QQ installed, inadvertently be giving the Chinese police material that will incriminate those human rights defenders and land them in prison.

To make matters worse, administrator privilege means your microphone can be turned on and stream whatever is heard to the Chinese police. The same goes for the video camera and camera. It is a most sophisticated spying tool with far-reaching consequences. It can, it goes without saying, read your location, as well as the specific metadata of your phone.

If that wasn't enough, there is one last thing which makes it such a sophisticated piece of malware. It can self-destruct. And when doing so, it can not only delete itself from your phone but wipe much of your phone's log data, making it hard even for technically skilled people to know that it was ever there. In short, you might never know if your phone, or your use of it, is the reason someone has landed in prison.

A number of control centers in China to which such data and traffic go have been identified. The code is such that there is little doubt that this 'Trojan' comes from the same people behind the earlier 'Trojan' targeting Hong Kong Occupy Central people, just much more sophisticated.

Should I worry? What to do?

First off, there is still some lack of understanding of how the infection reaches your phone. At the same time, there is little reason to think resources would be spent to develop such a tool and then not try to use it. An earlier, much less sophisticated version was used extensively during the Occupy Central movement. Why would the police and state security organs not use a tool if it's already been developed, and if it's this powerful? It should go without saying that you need to operate as if it's being used widely, and as if you were a target.

Most people with risk awareness will already have made sure not to use WeChat or QQ, or, if they felt a strong need to have it, to have it installed on a second phone which is not used for anything else. If you need WeChat, as many unfortunately feel they do, at the very least install it on a blank, factory-reset second phone, like a super cheap Android phone. Because the microphone can be controlled remotely, make sure never to have it in your office or at any discussions.

Secondly, your current phone, if infected, will not be secure just by uninstalling WeChat and QQ. You will have no choice but to do a factory reset. This may be an inconvenience, but it is the only way. It goes without saying that any existing PIN codes, passwords to work email, etc., will need to be changed after you have done this factory reset.