iOS

Researchers find iOS is rich target for spying software

The popularity of Apple devices makes them a prime target for spying programs, malware, and simple thievery.

According to a report in TechWeek Europe, researchers have found that spying programs like SpyEra, SpyBubble and StealthGenie are used by attackers much more  heavily on devices running iOS. In two samplings of infected devices, Israeli mobile security company Lacoon found that significantly more iOS devices were being targeted over other mobile operating systems (74 % in one sampling and 52 % in a second sampling).

Attackers are, of course, taking advantage of the relative popularity of Apple devices, and are using the spying programs in highly targeted attacks -- for example, against business executives -- "to watch over personal and business data, letting the attackers view all the victim's emails, text messages and geo-location information."

The catch for these spying programs (marketed and sold legally as methods for companies to monitor employees or for parents to keeps tabs on children, for example) is that they require physical access to the device, and in fact, require jailbreaking the device to allow the software to be uploaded:

According to Ohad Bobrov, CTO and co-founder of Lacoon Security, a trained individual can jailbreak a device and upload malware to an iPhone in "about the time the device's owner leaves their phone on the table to grab a cup of coffee".

Once the device has been compromised, the malware is very effectively hidden from the victim, which is what makes it such a dangerous exploit. For motivated individuals who are involved in cyberespionage, it could be a powerful tool.

Countermeasures?

Perhaps aware of this trend of cybercriminals trying to take advantage of mobile security issues, Apple has recently filed an interesting patent -- an anti-theft feature based on motion sensors. According to the Apple Insider, the new patent application "calls for the use of a portable device's accelerometer, in cooperation with a specialized controller, to detect whether a 'theft condition is present' and sound an alarm." This follows a patent filed in October by Apple for methods to detect unauthorized users (in the event the device is lost or stolen), including heartbeat monitoring (!), matching voice recordings, or taking a picture of the user and sending such collected information to the authorized account. More mundane detection methods include incorrectly entered passwords, attempts to jailbreak the device, or removing a SIM card.

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

8 comments
jneville.work
jneville.work

So if your device has never been jailbroken you're safe from spyware. Right??

aureolin
aureolin

“calls for the use of a portable device’s accelerometer, in cooperation with a specialized controller, to detect whether a ‘theft condition is present’ and sound an alarm.” How do they plan to tell "theft" from running to catch a cab?

robo_dev
robo_dev

While at some point there may be some clever browser exploit, if the Apple app store controls/sanitizes every app, then realistically there is no malware point of ingress for a locked phone. I think it's a bit paranoid to assume that someone would physically obtain, jailbreak, and install apps on your phone. If somebody is that close to you, then why would they need to perform surveillance on your phone?

robo_dev
robo_dev

The theory would be the iPhone theif would be a young and fast runner? (I am making all this up, by the way)

jneville.work
jneville.work

And what will sounding an alarm do? When was the last time anybody went running to the rescue because they heard a car alarm going off?

techrepublic@
techrepublic@

iOS/iPhone history has no shortage of remote exploits that allow full root access (e.g. SMS remote root exploits, Safari drive-by root exploits). As for Apple's app store and sanitizing apps. The high number of spyware in Apple's app store seems to indicate that Apple either is unable or unwilling to protect users data and privacy.

robo_dev
robo_dev

If I run really fast on my morning jog, would they think my phone is stolen? What, are they looking for parcour moves or something? Maybe you have to program in your height/weight and general fitness level, and the program determines there's no way you can move that fast?

Editor's Picks