Researchers have discovered how governments buy off-the-shelf software to hack citizens’ mobile phones and track their location, behavior, and communications.

Security experts at Citizen Lab and Kaspersky Lab have uncovered how software from Italian firm Hacking Team provides law enforcement with remote access to most mobile operating systems though super-simple tools for collecting texts, location data, app use, and other communications.

“In essence, it is malware sold to governments,” concludes Citizen Lab, in its highly detailed forensic report of the uncovered spy software. To give you an idea of just how simple the software is, here is the dashboard of the “one-click functionality for requesting information” on an infected mobile device:


With a simple click, agents can choose to take screenshots at pre-determined intervals, collect skype or text messages, and save the target’s position throughout the day. Here’s what the mapping function looks like:


To be sure, Hacking Team is not a secret organization. It markets its spy software like an airport billboard. “Here in Hacking Team we believe that fighting crime should be easy: We provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities. Technology must empower, not hinder,” explains the company’s About Page.

The software is all perfectly legal to own but is used in questionable circumstances. For instance, in Dubai back in 2012, pro-democracy engineer Ahmed Mansoor was beaten after downloading a Word document infected with software traced to Hacking Team. In that case the software involved was Hacking Team’s older, desktop offering.

While we would hope this type of software would be used to defend democratic principles, Citizen Lab isn’t optimistic: “Most countries have few legal guidelines and oversight for the use of this new power. In light of the absence of guidelines and oversight, together with its clandestine nature, this technology is uniquely vulnerable to misuse.”

Read more of the report here.