TL;DR: some guys bought a bunch of WebKit zero-days, gained root on an Android 2.x device, installed a surveillance app and demoed it at RSA conf.<p>It would be nice to get hold of some more of the technical details involved.
Maybe I'm not sure about how tech-savvy most people are, but when I get a text message from an unknown number claiming to be my provider asking me to click a web link to update my phone, I know something's up.
It's not that clear, but apparently this requires the pre-installation of a malicious app.<p>Quote:
"The CrowdStrike team reverse engineered a Remote Access Tool (RAT) called Nickispy (a RAT from China that successfully disguised itself as a Google+ app)."<p>from <a href="http://blogs.computerworld.com/19803/mobile_rat_attack_makes_android_the_ultimate_spy_tool" rel="nofollow">http://blogs.computerworld.com/19803/mobile_rat_attack_makes...</a>