Google’s Project Zero and Threat Analysis Group (TAG) has come forward with its findings on the activities of an Italian spyware maker named RCS Labs. This is not as big in scale or scope as Israeli NSO Group and its proprietary Pegasus spyware. Nonetheless, it has reportedly been around for quite a few years and has been used on people in Italy, Kazakhstan, and Syria. Even if your country’s name isn’t on the list, know that TAG is currently tracking more than 30 spyware vendors that have grown into a full-blown ecosystem and lends their services to world governments. So, let’s understand how these things work.
How Do RCS Labs’ Android And iOS Spyware Work?
The spyware will be masked as a fake My Vodafone app that is pushed to the users through an SMS link and they are tricked into installing the app. Well, to convince them, the attackers have sometimes got the ISPs to disconnect the mobile data first and then ask them to install the particular My Vodafone app to restore the services.
The app would seem legit and the sideloading works because it was signed in through Apple’s Enterprise Developer Program. Apple has however revoked all certificates and accounts related to this now.
Talking about sideloading, Apple said, “Enterprise certificates are meant only for internal use by a company, and are not intended for general app distribution, as they can be used to circumvent App Store and iOS protections. Despite the program’s tight controls and limited scale, bad actors have found unauthorized ways of accessing it, for instance by purchasing enterprise certificates on the black market.”
Apple has also patched the exploits that were used by the bad actors to sneak into the victim’s iPhones.
According to Project Zero member Ian Beer, the exploits were successful in the first place, because of the new “system-on-a-chip” and “coprocessors” used in the recent iPhones, something which is used by Android phones too.
Meanwhile, TAG member Benoit Sevens remarked, “The commercial surveillance industry benefits from and reuses research from the jailbreaking community. In this case, three out of six of the exploits are from public jailbreak exploits. We also see other surveillance vendors reusing techniques and infection vectors initially used and discovered by cyber crime groups. And like other attackers, surveillance vendors are not only using sophisticated exploits but are using social engineering attacks to lure their victims in.”
Another TAG employee Clement Lecigne told WIRED that “These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house. But there is little or no transparency into this industry, that’s why it’s critical to share information about these vendors and their capabilities.”
We agree and appreciate Google and other parties involved in discovering such vulnerabilities. Now if you own an iPhone or for that matter any computing device, you are advised to keep their software up to date.
“If you have any Query Related This Post then here is the Source Link“