Malware on iOS has always been rare, thanks to the increasing difficulty of jailbreaking iPhones and Apple’s continuous focus on locking down its devices. This has driven prices for iOS bugs and exploits through the roof. Nowadays, companies are willing to pay around $3 million for software that jailbreaks and hacks iPhones—and researchers are reluctant to report bugs to Apple simply because others pay better.Governments around the world have been willing to spend a fortune on iOS malware. Saudi Arabia paid $55 million to purchase iPhone malware made by NSO Group, according to a recent report by Israeli newspaper Haaretz. There’s several companies specializing in iOS malware, such as Azimuth, NSO Group, and some more. But despite the appearances, iOS malware isn’t only in the hands of big companies and their government customers.
“We have uncovered an iOS implant.”
Security researcher Zuk Avraham recently wrote on Twitter that iOS jailbreaks, the basis of any kind of malware for iOS, aren’t as rare as people think, and estimated that there are more than 50 groups who have iOS exploits. While most people believe that only powerful government adversaries have access to iPhone exploits, more discoveries are being made that suggest that lesser-known groups have exploits as well.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
In May, Motherboard revealed that Italian cell phone providers were helping cops install malware on suspected criminals’ phones.According to former Cyber Command hacker and now director of cyber solutions at Point3 Ryan Duff, this discovery should not be seen as too much of a worrisome sign.“As far as MDM as an injection method for malware, it's pretty lame,” Duff told Motherboard in an online chat. “As far as risk goes, it's pretty low. You can't just force an iPhone to connect to an MDM server. You would have to get them to install a device profile onto their phone. You'd need to social engineer them in some way to installing the profile.”Raiu said that Kaspersky is not sure how Negg—or its customers—get the malware on the target iPhones. It could either be social engineering, Raiu said, or “even physical access.” Kaspersky is unsure if Negg has any zero days or specific iOS exploits.Even if MDM-based malware is not as sophisticated as malware that gets injected with expensive and unknown vulnerabilities—or zero-days—once it’s on the phone the result is the same: the hackers—be them criminals or government-sponsored—have access to everything on the phone.“You're basically turning over administrative control of your phone to the attacker,” Duff told me. “So of course they can install malware from there.”Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.
“You're basically turning over administrative control of your phone to the attacker.”