Hacking Team

From The Apple Wiki

Hacking Team is a company that "sells offensive intrusion and surveillance capabilities to governments and law enforcement agencies", including iOS spyware tools. The iOS spyware tools appear designed for targeting/attacking specific people, not for broad surveillance of the public.

See malware for iOS for context and a list of similar tools.

Remote Control System tool (requires jailbreak)

In June 2014, security researchers published details about Hacking Team's iOS spyware tool, discovered via reverse engineering it. This research got confirmed in July 2015 by a data breach that revealed Hacking Team's internal documentation and pricing for this tool and related tools. (This was big news because the documents also had evidence that Hacking Team sold these tools to repressive governments.)

The revealed "Remote Control System" documentation includes on page 7 a description of the iOS tool: it requires a jailbreak, it's compatible with iOS 4-8.1, and it provides monitoring of chat (Skype, WhatsApp, and Viber), location, contacts, and list of calls. It costs about $55,000, purchased in conjunction with supporting tools and services.

Context for that tool is that other spyware tools for jailbroken iOS also exist - for example, there is a MSpy spyware tool distributed via the BigBoss repository, which consumers can buy for $10-15 dollars a month. With MSpy and other consumer-level spyware tools (there are several for iOS), you have to physically arrange for your target's phone to be jailbroken and then somebody has to manually install the tool.

Hacking Team tools for jailbreaking devices

Hacking Team's spyware tool also relies on a device being jailbroken with a publicly-available jailbreak tool (or perhaps a custom tool built on top of a publicly-available jailbreak). Using public tools means that they have some of the same limitations as consumers: jailbreaking iOS 6-8 requires that the device passcode is disabled during the jailbreaking process, and recent jailbreaks also require that Find My iPhone is turned off.

Hacking Team has other pieces of malware for OS X and iOS that they may be able to combine to ease the process of jailbreaking the device and installing the spyware, probably with the help of their expertise in spearphishing attacks and other kinds of social engineering attacks. This Wired article about last year's security research explains a way that could happen:

"The iOS spy module works only on jailbroken iPhones, but agents can simply run a jailbreaking tool and then install the spyware. The only thing protecting a user from a surreptitious jailbreak is enabling a password on the device. But if the device is connected to a computer infected with Da Vinci or Galileo software and the user unlocks the device with a password, the malware on the computer can surreptitiously jailbreak the phone to install the spy tool."

Will Strafach (User:ChronicDev) said on Twitter that there is no evidence for Hacking Team being able to jailbreak without physical access:

i0n1c also said on Twitter that physical access seems required:

Newsstand keylogger tool (doesn't require jailbreak)

This MacWorld article reports that Hacking Team also has spyware that doesn't require a jailbreak, via misuse of developer certificates:

"Researchers have also found so far that Hacking Team has a legitimate Apple enterprise signing certificate, which is used to create software that can be installed by employees of a company who also accept or have installed a profile that allows use of apps signed by the certificate. It was shown last November that an enterprise certificate combined with a jailbroken iOS device could be used to bypass iOS protections on installing apps. Further, Hacking Team had developed a malicious Newsstand app that could capture keystrokes and install its monitoring software."


More commentary from Will Strafach (User:ChronicDev):