Did Hermit escape from a government spy program?
The small world of espionage must be delighted that the smartphone has become so widespread! Imagine: no more need for shenanigans and elaborate plans to get close to a target, since he carries, of his own free will, a snitch in his pocket. It is a great boon, since in addition to listening to him, one even has access to his e-mails, his SMS, his contacts and other personal data formerly almost unreachable without putting his life in danger. Spyware has therefore been developed, with more or less murky justifications for its use. We remember the Pegasus scandal: the NSO program is offered to governments and institutions to “help justice”, and has nevertheless mostly been used to spy on journalists and opposition figures. Today, Hermit is in the eye of the security storm.
Google and Apple block Hermit, Italian spyware competing with Pegasus https://t.co/gecxUkhcxp pic.twitter.com/kUNUYBfhkR
— NextINpact.com (@nextinpact) June 29, 2022
A wandering Hermit?
It is indeed Google and Apple that have warned in recent days about the potential infection of smartphones by Hermit, a spyware that has already claimed victims in Kazakhstan, Syria and Italy. This information comes straight from the experts at Lookout and from Google’s Threat Analysis Team, also known as TAG. According to them, the spyware is reportedly developed by the Italian company RCS Lab SpA, in association with its compatriots at Tykelab Srl. Their names were found in an SSL certificate associated with Hermit. In addition, job offers from the second company named strangely correspond to the operating needs of such software. For the moment all of this is only supposition, even if certain information on the RCS Lab site confirms that the company also does spyware, since it markets:
(…) off-the-air GSM surveillance systems, social network analysis tools and active intrusion systems (Trojan horses) that allow obtaining complete information on target users, even for encrypted communications such as Skype, PGP and secure webmail.
Consequently, Google has announced that it has already made changes to Google Play to protect users of Android devices from this software. Its apple-branded competitor reacted just as quickly: Apple has revoked all certificates associated with Hermit. As a result, the app can no longer be deployed outside of its official store. It must be said that spyware can do a lot of damage.
Open Data Days
The way Hermit operates is in itself fairly standard for spyware. The spy sends the user a link offering to download an application to help him unblock, for example, access to a messaging system or to his connection. Here is an example of a screen that may appear to you, explaining that your access to Facebook, Instagram and WhatsApp is blocked:
Once you click on the link, a program is installed that hides within it the famous spyware, which will then have control of your contacts, your SMS, your geolocation, your camera and your microphone, among many others.
Its other means of proliferation raises questions about the moderately legal nature of the thing. According to Google, spies could act with the complicity of internet service providers in order to deactivate the victim’s mobile data. They would then use this network interruption to encourage him to download the infected application that is supposed to solve the problem. To that end, the target receives a message that uses the colors and logos of the providers to lure him into the wolf’s jaws. What is in it for the operators? Obediently responding to a request from a rogue government to spy on a particular individual. Do you think this is a conspiracy theory? Ask Edward Snowden, who has been forced to eat borscht for 9 years, what he thinks about it…