Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Apple iOS Safe From FinSpy Surveillance Software Unless Jailbroken: Document

A leaked document believed to have come from a manufacturer of surveillance equipment shows Apple iOS is more resistant to the company’s spyware than other mobile operating systems on the market.

A leaked document believed to have come from a manufacturer of surveillance equipment shows Apple iOS is more resistant to the company’s spyware than other mobile operating systems on the market.

The document appears to come from the Gamma Group International, a manufacturer of surveillance and monitoring systems with offices in Europe, Asia, the Middle East and Africa. The document specifically deals with a piece of spyware called FinSpy Mobile 4.5.1, and lists the capabilities the software has and what it can do on different devices.

According to the document – which is dated April 4 – FinSpy requires an untethered jailbreak on iOS in order to work. No such requirement exists for BlackBerry or devices running Google Android, Symbian and Windows Mobile. As of the publication of the document, FinSpy Mobile did not support Windows Phone.

The document is part of a large swath of data released earlier this month. Last week, a Reddit user going by the name ‘PhineasFisher’ claimed to have stolen 40 GB of data from Gamma Group International’s network. 

“Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents,” the user wrote. “Gamma Group (the company that makes FinFisher) denied having anything to do with it, saying they only sell their hacking tools to ‘good’ governments, and those authoritarian regimes most have stolen a copy.”

“And that’s the end of the story until a couple days ago when I hacked in and made off with 40GB of data from Gamma’s networks,” the user continued. “I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB.”

The FinSpy document states that “FinSpy Mobile is designed to help Law Enforcement and Intelligence Agencies to remotely monitor mobile phones and tablet devices” and can among other things get full access to calls, SMS messages, address book information and make silent calls to remotely listen to the microphone. It can also trace devices and monitor locations.

Advertisement. Scroll to continue reading.

The document also lists technical limitations of the software on different devices as well as issues the company plans to address in a future release.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.