Connect with us

Hi, what are you looking for?



Apple iOS Safe From FinSpy Surveillance Software Unless Jailbroken: Document

A leaked document believed to have come from a manufacturer of surveillance equipment shows Apple iOS is more resistant to the company’s spyware than other mobile operating systems on the market.

A leaked document believed to have come from a manufacturer of surveillance equipment shows Apple iOS is more resistant to the company’s spyware than other mobile operating systems on the market.

The document appears to come from the Gamma Group International, a manufacturer of surveillance and monitoring systems with offices in Europe, Asia, the Middle East and Africa. The document specifically deals with a piece of spyware called FinSpy Mobile 4.5.1, and lists the capabilities the software has and what it can do on different devices.

According to the document – which is dated April 4 – FinSpy requires an untethered jailbreak on iOS in order to work. No such requirement exists for BlackBerry or devices running Google Android, Symbian and Windows Mobile. As of the publication of the document, FinSpy Mobile did not support Windows Phone.

The document is part of a large swath of data released earlier this month. Last week, a Reddit user going by the name ‘PhineasFisher’ claimed to have stolen 40 GB of data from Gamma Group International’s network. 

“Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents,” the user wrote. “Gamma Group (the company that makes FinFisher) denied having anything to do with it, saying they only sell their hacking tools to ‘good’ governments, and those authoritarian regimes most have stolen a copy.”

“And that’s the end of the story until a couple days ago when I hacked in and made off with 40GB of data from Gamma’s networks,” the user continued. “I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB.”

Advertisement. Scroll to continue reading.

The FinSpy document states that “FinSpy Mobile is designed to help Law Enforcement and Intelligence Agencies to remotely monitor mobile phones and tablet devices” and can among other things get full access to calls, SMS messages, address book information and make silent calls to remotely listen to the microphone. It can also trace devices and monitor locations.

The document also lists technical limitations of the software on different devices as well as issues the company plans to address in a future release.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.