Four Chinese airlines allegedly serve malware via in-flight WiFi and IMSI-catchers installed on their planes, McAfee claims

Sep 23, 2015 19:47 GMT

Four Chinese airlines are supposedly installing spyware on the Android smartphones of passengers traveling on international flights, John McAfee claims.

John McAfee, a well-known security figure and founder of McAfee antivirus (now Intel Security), has made a habit of publishing controversial articles from time to time.

In one of his monthly editorials for International Business Times, he claims that passengers on four Chinese airlines, which he declined to name, are secretly being served spyware that survives reboots while connected to the plane's in-flight WiFi system.

Attackers use IMSI-catchers to pose as cell towers

According to McAfee, the attack begins when passengers connect to the in-flight WiFi offered on some newer aircraft.

The onboard WiFi network pushes a module to the passenger's phone that silently enables the 3G or 4G cellular radio without showing the usual status-bar indicator.

The reason, McAfee explains, is that the planes of these four airlines carry their own IMSI-catcher, a device that impersonates a mobile network base station; the phone attaches to it instead of a legitimate tower, which puts the device in a man-in-the-middle (MitM) position over the phone's cellular traffic.

The IMSI-catchers push the Silent Logging Android app to passengers' phones

Once the smartphone is attached to this device, the first thing it does is check whether a particular Android app, Silent Logging, is already installed on the phone.

If the app is not found, it is pushed to the phone. McAfee does not say whether the user has to approve the installation manually or whether it is installed through exploits without the user's knowledge or consent.

What he does say is that, once on the phone, the app immediately downloads a second spyware component, which uses Silent Logging's capabilities to record everything the user does and sends the data to an IP address registered in Beijing, China.

Factory resets won't remove the spyware

According to McAfee, the spyware can be removed only by a "physical wipe" of the phone's storage. A factory reset won't work because the spyware intercepts the reset command and fakes its results, fooling the user while staying on the phone.
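A claim like "survives a factory reset" can be checked rather than taken on faith. On a stock Android layout a factory reset wipes only the userdata partition, so an app installed under /data/app disappears, while anything living on /system, /vendor, /product or similar partitions (or that intercepts the reset, which itself requires system-level privileges) stays. The script below is an added example, not code from the article or from McAfee; it parses the output of `adb shell pm list packages -f` and reports packages on reset-surviving partitions that fall outside the expected AOSP and Google namespaces. The partition list and the namespace allowlist are assumptions about a stock device, and the sample listing is constructed for illustration, with `com.example.*` package names that are hypothetical.

```python
"""Triage an Android package listing for installs that a factory reset would not remove.

Added example, not part of the article. Feed it the output of
`adb shell pm list packages -f` and compare the flagged packages against
the device's stock firmware image.
"""
import re
import sys
from dataclasses import dataclass

# Partitions a factory reset leaves untouched. Assumption: stock AOSP layout;
# custom ROMs and some vendors use different mount points.
RESET_SURVIVING = ("/system/", "/system_ext/", "/vendor/", "/product/", "/oem/")

# Namespaces expected on a reset-surviving partition of a stock device.
# Assumption: extend with the OEM's own prefix for a specific model.
KNOWN_PREFIXES = ("com.android.", "com.google.android.")

# One line of `pm list packages -f`: package:<apk path>=<package name>
LINE_RE = re.compile(r"^package:(?P<path>.+?\.apk)=(?P<name>[\w.]+)$")


@dataclass(frozen=True)
class Pkg:
    name: str
    path: str

    @property
    def survives_reset(self) -> bool:
        """True if the APK sits on a partition a factory reset does not wipe."""
        return self.path.startswith(RESET_SURVIVING)


def parse_pm_list(text: str) -> list[Pkg]:
    """Parse `pm list packages -f` output; lines that do not match are ignored."""
    pkgs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkgs.append(Pkg(m.group("name"), m.group("path")))
    return pkgs


def suspicious(pkgs: list[Pkg], known_prefixes=KNOWN_PREFIXES) -> list[Pkg]:
    """Packages that survive a reset but are not in a known vendor namespace."""
    return [p for p in pkgs if p.survives_reset and not p.name.startswith(known_prefixes)]


# Constructed sample listing; the com.example.* entries are hypothetical.
SAMPLE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Calendar/Calendar.apk=com.android.calendar
package:/data/app/com.example.flashlight-1/base.apk=com.example.flashlight
package:/system/priv-app/HiddenLogger/HiddenLogger.apk=com.example.hiddenlogger
package:/vendor/app/OemTelemetry/OemTelemetry.apk=com.example.oemtelemetry
"""


def main() -> None:
    # Read a real listing from stdin when piped, otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for p in suspicious(parse_pm_list(text)):
        print(f"{p.name}\t{p.path}")


if __name__ == "__main__":
    main()
```

Run it as `adb shell pm list packages -f | python triage.py`. The check is deliberately conservative: it only tells you which packages a reset would not touch, so each flagged entry still has to be matched (by path and APK hash) against the stock image for that model. It also assumes the package manager is telling the truth; an implant with system privileges can hide from `pm`, which is why a "physical wipe", meaning reflashing the firmware from a trusted image, is the only reliable remedy if a device is actually compromised at that level.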

"Any business person, diplomat or government employee who has ever traveled on any of these four airlines has forever after been wired by the Chinese government," says McAfee. "Every email, text, word or action has been recorded for Chinese posterity."

While McAfee's own conclusion lays the blame on the Chinese government, he offers no evidence to support that attribution.

A more plausible explanation is that a criminal group bribed employees at the four airlines to install the necessary hardware on the planes. Maintenance crews typically have this kind of access when aircraft are taken in for periodic checks and repairs.

Separately, a Chinese criminal group was recently found to have installed malware on 24 smartphone models right after they were shipped from the factory.

[Image: Silent Logging app permissions]
[Image: Chinese airlines are spying on their passengers]