Vault 7: CIA Hacking Tools Revealed

The tool ‘Spottsroide’ uses a development feature of the Broadcom modem called monitor mode, which is present in many smartphones and other mobile devices (in this document, the Galaxy S2). It can be used to snoop and conduct blanket data collection of all WiFi traffic around the device. This data can be analysed later through a variety of different techniques.

Monitor mode (if supported) is normally disabled in firmware. This document confirms that and states “The source was never released, so this is the ‘reverse engineered’ source”, meaning Broadcom didn’t help directly.

This does highlight the issues with fully closed-source backdoors and vulnerabilities, where they can be reverse engineered and exploited regardless of any perceived security.

The interesting thing is that the “survey app” responsible for data collection is initially launched through another app called Apollo, a “music player app”.

It is possible there is nothing odd about the Apollo app, or Joseph Cohen’s version specifically, and there is simply some form of exploit, or perhaps the app has plugins, extensions, or something else that’s being leveraged here to start the data collection. But there’s no doubt this is all very odd.

This is a very interesting, highly covert way to conduct network analysis after the fact.
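For defenders, a device-side check for an interface that has been switched into monitor mode, as an added example that is not part of the original post or the leaked document. It assumes a Linux-based device (Android included) whose driver reports the mode change through the kernel's standard link type in `/sys/class/net`; firmware modified out of band may not report it.

```python
import os

# Link-layer types from the Linux kernel's if_arp.h. A Wi-Fi interface in normal
# (managed) mode reports 1 (Ethernet); these values mean raw 802.11 capture.
MONITOR_LINK_TYPES = {
    801: "raw 802.11",
    802: "802.11 with Prism header",
    803: "802.11 with radiotap header",
}
IFF_UP = 0x1  # interface is administratively up


def read_int(path):
    """Read a sysfs integer (decimal or 0x-prefixed hex); None if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip(), 0)
    except (OSError, ValueError):
        return None


def find_monitor_interfaces(sysfs_net="/sys/class/net"):
    """Return one dict per interface whose link type indicates monitor mode."""
    findings = []
    try:
        names = sorted(os.listdir(sysfs_net))
    except OSError:
        return findings  # no sysfs here (not Linux, or access denied)
    for name in names:
        link_type = read_int(os.path.join(sysfs_net, name, "type"))
        if link_type not in MONITOR_LINK_TYPES:
            continue  # ordinary interface (Ethernet, loopback, managed Wi-Fi)
        flags = read_int(os.path.join(sysfs_net, name, "flags")) or 0
        findings.append({
            "iface": name,
            "capture": MONITOR_LINK_TYPES[link_type],
            "up": bool(flags & IFF_UP),
        })
    return findings


if __name__ == "__main__":
    for finding in find_monitor_interfaces():
        state = "UP" if finding["up"] else "down"
        print(f"{finding['iface']}: {finding['capture']} ({state})")
```

A monitor-mode interface on a phone or laptop that nobody configured for packet capture is worth investigating, since normal Wi-Fi use never needs it.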



Source…