As the ongoing story goes about one of the largest spyware company, Hacking Team being breached, there has been a lot of spill over on diversified tech industries. The security breach caused 400 GB of data leakage over the internet. Considering the major breach that took place this week, one of the major aspects it beholds was the Hacking Team's ability for a potential exploitation of jailbroken iOS devices.
The leaked data was to be sold for different purposes to different organisations including governments. Macworld noted the potential ability of the Hacking Team to infiltrate and investigate jailbroken iPhones on the say of several agencies like the NSA. The leak not only expose those agencies but unveils intentions behind the viol repulsive act. Roll down for more detail.
Hacking Team Uses A Legitimate Apple Enterprise Signing Tool
For the task to be accomplished, the Hacking Team's software needs to be installed on Jailbroken iPhones. This will work if you connect your jailbroken device to a malware infected computer. The hacked data unveiled that the cost of hacking an iOS device can be up to $55,242 which would include some of the aspects such as WhatsApp, Viber, Skype as well as location and all the possible attributes related to contacts. Though the hack should first match the prerequisites and conditions of the jailbroken iOS device.
Much has been speculated before and after Edward Snowden’s release of a trove of National Security Agency (NSA) documents in 2013 about the capabilities of the United States’ agencies as well as those of allies and enemies. The Hacking Team dump reveals quite a bit more about the routine functions of third-party suppliers into that ecosystem, including specifically enumerated capabilities.
iOS users should therefore take note that the long-running concern that jailbroken iPhones and iPads were susceptible to vulnerabilities that could include access by so-called state actors appears to be confirmed by the data breach.
Beetling, Jay Freeman's coworker (Saurik), posted on Reddit that Hacking Team's tools for the infiltration and monitoring of iOS devices is part of the same category as MSpy spyware tool which is dispersed on the BigBoss repository. Hence, the tool requires physical access by the user to his iPhone for the installation purposes. However, Beetling portrayed that the Hacking Team's tool uses 'Spearfishing' attacks that cause the malware infected computer to inject the software in the connected iOS devices.
The breached spyware company uses an Apple enterprise tool for signing purposes that most organisations use to put specific software on their employee devices, in this case - iOS devices. This technique will bypass all installation protections and the operation would proceed further. Its uncanny for average users to worry about their jailbroken devices being spied as a lot of Benjamin Franklins are required and they wouldn't waste it on an average user.
To be on the safe side, it is advised to Jailbreak users to use OpenSSH tool for root access and avoid using the AFC2 (Apple File Conduit 2). This may prevent hacking over the device when connected to a computer. Moreover, you should use trusted and authentic sources to download tweaks and stuff otherwise the impact may be adverse. However, if you must keep your data safe, you can add an appropriate passcode and disallow anyone who seeks physical assistance of your device. The Hacking Team has denied to share their views on the leak and some of the company executives claim the leak as a 'false lie'. This is it for now, folks. Let us know how you feel about the major security breach.