I missed this last week but the WSJ claims the government can remotely hack your Android phone to turn on the microphone so they can listen to your private conversations. Not just your phone calls, any conversation within range of your phone. Supposedly they have to get you to access an infected site or download an infected attachment. Supposedly they need a warrant. Google had no comment.
It has long been possible to buy software which could secretly and undetectably turn on a phone's microphone and camera. The software could then be used to remotely control the phone, but it required physical access to the phone to download and install the malware. Now this malware can apparently be installed remotely if your phone uses Android software.
As to the requirement that the phone access an infected site or download an attachment, smartphones frequently call home, in my case Samsung, for updates to the Android software. If the malware is on the manufacturer's site it could have been downloaded the first time I used the phone. If Samsung had any comment I could not find any reference to it on the web.
As to the requirement that they get a warrant, please see the Reuters article about how law enforcement is trained to cover up the sources of information from NSA intercepts. Also take a look at the many follow-up articles indicating that the practice may be widespread, including "NSA shares surveillance data with Justice Department for criminal cases" by Joan McCarter here on DK. Of interest is the description of the practice of "parallel construction" which law enforcement personnel are trained to use to conceal the sources of illicitly obtained information.
Note that the first link above is not to the Wall Street Journal article, which is behind a paywall, but to a description of the article on The Tech Dirt. Another article on the same subject on Berry Review describes the WSJ story as "fear mongering" and makes the following interesting observation:
The big question is how the FBI is executing these remote taps. If they are installing malicious software on the device when they have it in their possession then this is not a big deal. On the other hand if they are exploiting vulnerabilities (or possibly even a back door) remotely then that is a totally different story. Still the Android OS core is reviewed by quite a few people trying to build ROMs so I am not sure how a back door would be missed.
I am not trying to engage in fear mongering, but I would be very glad to see robust denials from Google and the relevant phone manufacturers assuring users that no such back door or unpatched vulnerability exists.