Tools used by governments (and similar) to target individuals




CIA "Vault 7" materials (March 2017)

On March 7, 2017, WikiLeaks released a collection of CIA documents called Vault 7, dated from 2013 to 2016, that include information about CIA hacking tools for iOS devices. The materials include documentation for CIA iOS exploitation research and a list of iOS exploits they have.

Cellebrite (February 2017)

As reported by Motherboard in February 2017, Cellebrite is "an Israeli firm which specializes in extracting data from mobile phones for law enforcement agencies". According to leaked information, "much of the iOS-related code is very similar to that used in the jailbreaking scene", such as limera1n and QuickPwn, with additions: "some of the code in the dump was designed to brute force PIN numbers". The leaked files are available online.

Pegasus (August 2016)

Pegasus is a spyware product for iOS built by NSO Group, sold to governments, which has been used for attacks against political dissidents. It uses a chain of exploits nicknamed Trident to silently jailbreak the target device, and then it installs malware. Lookout Security described it in a post and a technical analysis. Citizen Lab wrote a post about its use. In June 2017, the New York Times reported that the Mexican government used Pegasus to target human rights lawyers, journalists and anti-corruption activists.

XAgent (February 2015)

XAgent is a surveillance tool targeting specific people (such as people in governments, the military, and journalists) that can affect both non-jailbroken and jailbroken devices, as described in this article by Trend Micro. It was also covered by PCWorld.

Inception (December 2014)

Inception is an "attack framework" from an unknown source that targets individuals to steal information, using phishing emails and other techniques along with malware for iOS and other mobile operating systems, described in this post by security researchers who identified it. According to the whitepaper from those security researchers, a target may receive a phishing email with a link that says it's a WhatsApp update, and if clicked on jailbroken iOS, it triggers "the download of a Debian installer package, WhatsAppUpdate.deb, also 1.2Mb in size. This application impersonates a Cydia installer, and can only be installed on a jailbroken phone" (page 23). It's unclear what they mean by "impersonates a Cydia installer", but a .deb file is the standard format for software packages installable via Cydia. The iOS malware collects the device's ICCID, address book, phone number, MAC address, and other information. Another group of security researchers also identified this attack framework and called it Cloud Atlas.

Hacking Team tools (June 2014 and July 2015)

Hacking Team is a company that "sells offensive intrusion and surveillance capabilities to governments and law enforcement agencies", including iOS spyware tools. The iOS spyware tools appear designed for targeting/attacking specific people, not for broad surveillance of the public. Their main tool (Remote Control System) requires a jailbroken device, and they were researching options for non-jailbroken devices.

DROPOUTJEEP (December 2013)

In December 2013, a conference presentation included information about an NSA tool called DROPOUTJEEP: "a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted." The information was from an internal NSA software catalog from 2008. The presenter speculated that Apple had helped build this tool, and Apple said it "has never worked with the NSA to create a backdoor in any of our products".

FinSpy Mobile (August 2012)

FinFisher is a suite of commercial surveillance tools sold to governments, which have been used to target activists and other people. The suite includes spyware tools for many mobile operating systems, including iOS.