A hacker club called Chaos Computer Club (CCC) got in the possession of a tool that's used by the German authorities to track potential criminals. After a complex analysis, the spyware turned out to lack basic security features, which makes it accessible to almost anyone.
According to CCC, the Quellen-TKÜ
is a piece of software developed by the government to tap internet telephony calls and even though it’s supposed to be enforced through technical and legal means, the reality is far from this.
After a reverse engineering process, the hackers noticed that the Trojan, called R2D2, can do a whole lot more, thus violating the regulations imposed by the German constitutional court in 2008, which forbade the use of malware to manipulate the devices of the country's citizens.
The research shows that not only can the tool be utilized to control most part of a computer's hardware and software resources, the poorly implemented safety measures allow for the spy software to be manipulated by someone who wants to do harm.
"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired," revealed a CCC member.
"Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."
Even though law enforcement representatives are not allowed to spy on citizens, stating that such Trojans will be used only in certain circumstances and adapted to each situation, the discoveries beg to differ, as all the variants found are basically the same.
Furthermore, the lack of even basic encryption of the data transmitted from the utility is even more concerning.
"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities," the source further revealed.
"The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'."Backdoor.R2D2.A Removal Tool 22.214.171.124
is available for download here