Wednesday, December 5, 2018

Finding New Ways to Spy on iPhones

Lorenzo Franceschi-Bicchierai:

Governments around the world have been willing to spend a fortune on iOS malware. Saudi Arabia paid $55 million to purchase iPhone malware made by NSO Group, according to a recent report by Israeli newspaper Haaretz. There are several companies specializing in iOS malware, such as Azimuth, NSO Group, and some more. But despite the appearances, iOS malware isn’t only in the hands of big companies and their government customers.


Mobile Device Management or MDM is a feature in iOS that allows companies to manage and monitor devices given to their employees. By installing an MDM profile or certificate on an iPhone, a user gives the MDM owner some control over the device. This mechanism can be used by malware creators. In July, security firm Talos found that a hacking group used MDM to target a few iPhones in India. (Mobile Device Management can be turned on for every iPhone.)


It’s unclear how government hackers get the malware on target’s iPhones. Kaspersky Lab researchers speculated it may be via social engineering “using fake mobile operators sites.” In other words, this malware does not leverage any bugs or exploits in iOS, but instead takes advantage of MDM, which is a specific design feature in the operating system. In this way, it relies on a tried-and-tested social hacking technique—tricking users into installing something. For many years, the average user could essentially click on any link, download any app, and otherwise use their iPhone without worrying about targeted surveillance. That may soon no longer be the case.

Thomas Reed:

Sad truth: malware for iOS exists, but there’s absolutely no way to detect that it’s installed due to sandboxing restrictions in iOS.

Patrick Wardle:

^^this 💯

I have no idea how to check if my iPhone is hacked 😰

Nation States actually ♥️ hacking iPhones - largely because once they’re in (and yes, they can get in even remotely), the chance of detection is essentially 0%🤭

1 Comment

Isn't that a way to check if your device has a malware MDM installed? Section "Check to see if your iPhone, iPad, or iPod touch is supervised"
