It’s nearly impossible to spy on iPhones, according to top surveillance firm

iOS has always been more secure than Android, and new information that’s leaked out of one of the world’s leading surveillance companies reiterates that fact.

The Gamma Group has a piece of spyware called FinSpy that can hook into just about any Android, BlackBerry, and older Microsoft phone. But it can’t touch an iPhone unless the user has changed its core security through the process of jailbreaking.

First noticed by The Washington Post, a leaked document from the Gamma Group reveals the details. Dated April 2014, the document says that FinSpy is “designed to help Law Enforcement and Intelligence Agencies to remotely monitor mobile phones and tablet devices.” Once installed, it can relay messages, phone calls, location data, contacts, and more.

In a chart showing the spyware’s supported platforms, iOS is listed only as jailbroken. Jailbreaking with a free tool like Evasi0n gives the user root access to make filesystem changes that Apple doesn’t otherwise allow in iOS. Unsigned code from outside the App Store can then be run, and that’s the only way FinSpy can work.

So far, FinSpy has been used to spy on computers in the U.S., U.K., Germany, Russia, Iran, and Bahrain. The NSA recently came under fire for spying on the American public, and Apple has repeatedly denied that it’s created backdoors into its products for government surveillance.

Apple executives tout iOS’s security over other mobile platforms whenever they can. Security research consistently shows that the vast majority of mobile malware is targeted at Android.

But there’s always the chance that someone will find a way to hack into the iPhone like other platforms. Georgia Tech researchers will soon publish a study that details how to create a botnet out of iPhones. The catch is that it requires an exploit in connecting over USB to a Windows PC.

  • Patrick Magee

    Yet another reason to not jailbreak my phone.

    • :)

      You should know what you’re talking about before you come to rash conclusions. Not only is a jailbreak necessary, the malicious intent can only be carried out if the bad guy has access to the phone’s filesystem. While the untethered jailbroken iPhone may have unlocked this restriction, it is still shielded from other devices. One must install one or more tweaks to allow alien devices to connect on root level. So most jailbroken iPhones are still impenetrable.

      Let’s remember the fact that jailbroken iPhones get patches for security bugs far more quickly than regular iPhones that have to wait for iOS 7.2 or iOS 8. Security-wise, if you know what you’re doing, you’re best off with a jailbroken iPhone. No phone in the world can beat that phone as an all-in-one.

      • PMB01

        Security patches get there quicker? What dream world are you living in? Come back when you have a clue.

      • :)

        It’s clear that you have no idea what you’re talking about. I suggest you stop spreading misinformation, despite whatever bias you may have against jailbreaking / jailbreakers.

      • PMB01

        It’s not possible to get a security patch quicker than a non-jailbroken iPhone. Apple sends out updates over-the-air to all supported devices. However, jailbroken devices will typically lose their jailbreak status by applying a new update. Everything has to be updated to support the updated software, which means finding new holes. This typically takes a while.

        A vast majority of iPhone users don’t need or care to jailbreak their iPhone and they are better off not doing so. At this point, the only users who are more secure than non-jailbroken iOS users are the 5 Windows Phone users.

      • :)

        You’re totally right about the whole OTA process. However, I was not referring to Apple’s patches. Jailbreak developers often release patches and bugfixes for critical bugs and weaknesses much faster than Apple does. The jailbreak community doesn’t have to wait for Apple to find a fix and ponder until the scheduled release date. In fact, this has happened regularly, making jailbroken iPhones safer in general when maintained correctly.

        I’m not talking about “lockscreen phone app backdoors”, I mean stuff like this:

        http://www.idownloadblog.com/2014/05/07/ryan-petrich-ios-7-mail-fix/

        https://github.com/linusyang/SSLPatch#ssl-patch-cve-2014-1266/

        http://www.redmondpie.com/fix-ios-4.3.3-jailbreakme-3.0-vulnerability-with-pdf-patcher-2-to-avoid-ios-4.3.4-in-future/

  • Michael Superczynski

    The droids will ignore this fact and continue to insist that Android is the best mobile os in the world.

    • Kevin Kuo

      and vice versa.
      This fanboyism attitude has to stop. Companies are constantly exploiting this and making misinformed consumers make themselves look like idiots.

      • Michael Superczynski

        Informed consumers should know the fact that iOS is inherently safer than Android. “Fanboyism” has nothing to do with it.

      • Kevin Kuo

        Yes it does. It is confirmation bias, accepting information that supports their beliefs and looking past info that counters it.
        They have neglected the amount of targeting and the effect is different, and that a vulnerability in one OS could exist in another OS that is not mentioned. They could also incorrectly assume that some security measure in the other OS does not exist just because they are not as educated in the respective platform.
        To provide a counter evidence, just a few months ago iOS users in Australia were locked out of their devices by hackers demanding ransom.

      • nanoco

        Countering you… “the hacking is most likely the result of login credentials having been acquired from recent data breaches and used to lock users out using iCloud”….this is not an inherent vulnerability in iOS or with the iPhone device.

        Read more at http://www.cultofmac.com/280872/ios-devices-held-hostage-hackers/#YO5H50C7UauVXsHE.99

      • http://www.sk1wbw.wordpress.com/ Wayne Williams

        This process was done by hacking websites, not the iPhone itself.

      • Kevin Kuo

        Exactly, by hacking Apple’s servers, the hacker was able to give commands to iOS devices.

      • http://loewald.com/ Tonio Loewald

        I always wonder how “97%” of malware is on Android. Where’s the other 3%? I guess this explains some of it.

      • Michael Superczynski

        Good grief.
        The only way iOS can get malware is if the device is jailbroken.
        A compromised iOS is then the fault of the person who did the jailbreaking.

      • Kevin Kuo

        Although Apple has an extremely tight screening process, one fault in the App Store is that it does not show what the app does. Therefore, it is extremely difficult for the user to know what kind of data the app collects.
        I also agree with you that a compromised system is usually the fault of the individual.

      • Grey

        Either you don’t know how to spell ‘confirmation’ or you have no understanding of the difference between the words confirmation and conformation.

      • Kevin Kuo

        Or it’s just a typo. Anyways, you get the message, which is important. So, what do you think of the message?

      • Grey

        I think you should proofread what you write. It matters, even if you think it doesn’t.

    • gommer strike

      According to the chart above, Windows Phone is the most secure. Their software isn’t even supported on it yet…

      • PMB01

        That’s great for their 5 users! Meanwhile, iOS is the most secure for phones that are actually selling.

  • Grunt_at_the_Point

    Just last month on this forum an article provided this view: http://www.cultofmac.com/?p=288161

  • gommer strike

    By this chart, isn’t Windows Phone technically the most secure? Says “Not supported yet”…

    • jameskatt

      Windows Phone isn’t supported because only 1 or 2 have ever sold. There is no money to be made by having so few targets.

      • icarusty

        They have 5% marketshare, in a market audience of billions, that’s a significant number. No level of arrogance will change that.

  • icarusty

    According to the picture, BB10 is also impossible to spy on, as are all Windows phones (7+).

    Of course, that’s completely ignoring the fact that the NSA has all encroaching surveillance powers over the companies… as part of PRISM every company that makes an OS is required to backdoor their way for the NSA anyway – that or simply hand over any detail they request.

    This was documented recently for iOS

    http://www.zdnet.com/forensic-scientist-identifies-suspicious-back-doors-running-on-every-ios-device-7000031795/

    Key word EVERY iOS device.

About the author

Alex Heath is a staff writer at Cult of Mac and co-host of the CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like "ICONIC: A Photographic Tribute to Apple Innovation." If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Twitter always works too.
