According to a new report from Google, the iPhone hack developed by Italian company RCS Lab has been used by law enforcement agencies in Europe. The hacking tool used a variety of exploits to allow the firm’s customers to spy on private messages, contacts and passwords.
However, Apple has patched all six exploits used in various versions of iOS (see below), so keeping your iPhone up to date will keep it safe from hacking tools…
Details of the spyware were revealed by security researchers at Google’s Threat Analysis Group (TAG), whose mission is to detect and combat “targeted and government-backed hacking”.
Google said it has been tracking the activities of commercial spyware vendors, including RCS Lab, for years.
Seven out of nine zero-day vulnerabilities [across iOS and Android] Our Threat Analysis Group, discovered in 2021, falls into this category: Developed by commercial providers and sold and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploit or surveillance capabilities to government-backed actors.
Today, with Google’s Project Zero, we’re detailing the capabilities we attribute to RCS Labs, an Italian vendor, as initial infection vectors for targeting mobile users on both iOS and Android. Uses a combination of tactics including unusual drive-by downloads.
RCS Lab’s iPhone Hack
The attacks aren’t as dangerous as those used by NSO’s Pegasus, as the RCS ones are needed to trick iPhone owners into clicking a link. However, the company has come up with a very clever way to do this.
In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker will send a malicious link via SMS asking the target to install an application to recover its data connectivity. We believe this is the reason why most of the applications have come out as mobile carrier applications. When ISP involvement is not possible, the application is disguised as a messaging application.
The apps use an official Apple method that aims to install internal apps on iPhones used by companies by employees.
To distribute iOS applications, attackers followed Apple’s instructions on how to distribute proprietary in-house apps to Apple devices and used the itms-services protocol with the following manifest file and com.ios as the identifier. Used .Carrier.
The resulting application is signed with a certificate from a company named 3-1 Mobile SRL (Developer ID: 58UP7GFWAA). Certificate that meets all iOS code signing requirements on any iOS device since the company was enrolled in the Apple Developer Enterprise Program []
The app is divided into several parts. It includes a generic privilege escalation exploit wrapper used by six different exploits. It also includes a minimal agent capable of extracting interesting files from the device, such as the WhatsApp database.
Google says it has found live examples of compromised phones in Italy and Kazakhstan, but CNN Notes that RCS claims several European law enforcement agencies as clients, making it likely that iPhones from other countries have also been hacked.
apple patch
Macworld Note that Apple has patched every iOS exploit used, so your phone is protected from all of them provided you’ve updated to at least iOS 15.2.
If you need to check which iOS version you are using, you can do so in Settings > General > About. To update, go to Settings > General > Software Update.
Photo: Mahdi Bafunde/Unsplash
FTC: We use income generating auto affiliate links. More.
For more Apple news, check out 9to5Mac on YouTube:
