Apple’s strict approach to iOS software means that spyware very rarely makes its way onto our iPhones or iPads. But that doesn’t mean we aren’t at risk. A piece of mobile spyware called FinFisher, developed by U.K.-based Gamma Group, is capable of making its way onto your iPhone and recording your every move without you knowing it.
The software can secretly turn on your handset’s microphone to listen to your conversations, it can track your location, and even monitor your emails, text messages, and calls.
A group of researchers from the University of Toronto Munk School of Global Affairs’ Citizen Lab have been investigating the FinFisher software, which has previously been used by malware activists in Bahrain to infect personal computers. But it’s also available for mobile devices as FinSpy Mobile.
According to Gamma, the spyware’s creator, it is specifically designed for law enforcement and government use, and it enables agencies to keep track of criminals and monitor their every move. The problem is, sometimes the software finds its way into the wrong hands, and innocent people have their privacy invaded.
John Scott-Railton, a doctoral student at the UCLA Luskin School of Public Affairs, told Bloomberg: “People are walking around with tools for surveillance in their pockets. These are the tools that can be used to turn on your microphone and turn your phone into a tracking device.”
FinSpy Mobile makes its way onto your iPhone in one of two ways. You can be tricked into installing it by a malicious link in what looks like an innocent text message or email, or by a hacker that physically gains access to your device.
Of course, the first scenario is more likely, though it’s unclear how the software installs itself with Apple’s restrictions. The researchers report that Gamma uses an Apple developer certificate to make the software look like a trusted program. However, Gamma insists this is just for research purposes.
And if you think you’re safe because you’ve got an Android handset, think again. The software is also available for Google’s platform, as well as Windows Phone, BlackBerry, and even the Symbian operating system powering some Nokia devices. The study insists that the software does not take advantage of any vulnerability in the device or its operating system.
Once your handset is infected, it can be remotely controlled and monitored from anywhere in the world, according to a FinSpy brochure published by WikiLeaks.
It’s a scary thought. The good news is, it’s not easy to obtain Gamma’s FinFisher or FinSpy Mobile software. The company maintains that it only provides it to law enforcement and government agencies.
Apple and Google have declined to comment on the study, while Microsoft said: “We strongly encourage Windows Mobile owners to avoid clicking on or otherwise downloading software or links from unknown sources, including text messages.”
Canadian BlackBerry maker Research in Motion gave a similar response: “BlackBerry smartphones give customers control over what can be installed on the device in addition to prompting users to grant permissions to third-party applications. We recommend customers only download applications from trusted sources to help protect against potentially malicious software.”