Researchers at a mobile security firm and digital rights group accused on Thursday Lebanon’s Security General of using fake versions of smartphone apps, such as “WhatsApp,” Telegram, Threema and Signal to hack Android mobile devices, turning them into cyber-spying machines in one of the first known case of large-scale hacking of phones rather than computers.
Lebanon’s Security General denied the reports, in which it was accused of spying over 21 different countries, including the United States and several European nations.
Security General Chief Ibrahim Abbas said on Thursday he wanted to see the report, which accused the state agency of being linked to the operation.
“The Security General lacks those types of capacities. We wish we had these capacities,” Abbas told Reuters, commenting on the accusations.
Mobile security firm Lookout, Inc. and the Electronic Frontier Foundation, a digital rights group, said the haul, which includes nearly half a million intercepted text messages, had simply been left online by hackers linked to Lebanon’s General Directorate of General Security, AP said.
The news agency quoted the report as saying the suspected test devices all seemed to have connected to a WiFi network active at the intersection of Beirut’s Pierre Gemayel and Damascus Streets, the location of the bulky, sandstone-colored high-rise that houses Lebanon’s General Directorate of General Security.
However, researchers at the two companies declined to identify any of the victims except in general terms, saying that there were thousands of them.
Reuters reported on Thursday that no evidence was found that Apple phone users were targeted, something that may simply reflect the popularity of Android in the Middle East.
Michael Flossman, the Electronic Frontier Foundation’s lead security researcher, told Reuters that EFF and Lookout took advantage of the Lebanon cyber spying group’s failure to secure their own command and control servers, creating an opening to connect them back to the GDGS.