Today, researchers from Kaspersky and Citizen Lab published research on a new type of malware designed to give police complete access to a suspect's phone. The tool, dubbed Remote Control System (or RCS), can be implanted physically through a USB or SD card, or remotely through an infected link or network traffic injection. Once the phone is infected, police can use it to monitor a user's location, record ambient audio through the microphone, or even hijack the phone's camera to take spontaneous photographs. The malware works best on Android devices, but can also be installed on iOS if a device has been jailbroken.

Some observers suspect the company is working with police in Los Angeles

Hacking Team is a Milan-based company with more than 50 employees that has made a niche for itself selling surveillance software to police in "several dozen countries" on "six continents." It's still unclear exactly where RCS is currently used, but early indications point to Saudi Arabia, based on the fake "Qatif" news app where the code was initially found. The report also includes a map from a Hacking Team presentation that show the LA County Sheriff's office as a default location, leading some observers to suspect the company is working with police in Los Angeles.

Hacking Team says it won’t sell its products to governments that are blacklisted by NATO, but critics say the company’s tools have already been used against pro-democracy Moroccan journalists and at least one American citizen. Reporters Without Borders named Hacking Team one of its "Enemies of the Internet." The company's flagship product is called Da Vinci, a piece of malware that allows police to spy on suspects through their computer’s webcam, microphone, emails, and Skype calls.