Security researchers have uncovered a ‘highly targeted’ mobile malware campaign that has been running since August 2015 and was found spying on 13 selected iPhones in India.
The attackers were abusing the mobile device management (MDM) protocol, which organisations use to control and enforce policies on their employees' devices. In this campaign the protocol was used to push malicious applications to the victims' phones and spy on them remotely.
However, to enrol an iOS device into MDM, the user has to manually install and accept the MDM enrollment profile and, for the in-house apps pushed afterwards, trust the signing certificate obtained through the Apple Developer Enterprise Program.
Once the user accepts the enrollment, whoever operates the MDM server gains the authority to remotely control the device: install and remove apps, install and revoke certificates, lock the device, change passcode requirements, and so on.
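The enrollment profile described above is an ordinary property list that the victim is asked to install. As an added illustration (not code from the researchers, from Apple or from this article), the following Python script parses such a profile, pulls out the com.apple.mdm payload and decodes its AccessRights bitmask, so an analyst handling a suspicious phone can see which server it enrolled with and what that server is allowed to do. The sample profile, the hostnames, UUIDs and organisation name are constructed placeholders; the bit meanings are those documented in Apple's MDM protocol reference.

```python
"""Triage an iOS configuration profile (.mobileconfig) for an MDM enrollment payload.

Added example for this article, not the researchers' or Apple's code. It parses the
profile a victim is tricked into installing, extracts the com.apple.mdm payload and
decodes the AccessRights bitmask so an analyst can see what a rogue MDM server would
be permitted to do. The sample profile, hostnames, UUIDs and organisation name below
are constructed placeholders.
"""
import plistlib
from urllib.parse import urlparse

# AccessRights bit values for the com.apple.mdm payload (Apple MDM protocol reference).
ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install and remove configuration profiles",
    4: "lock device and remove passcode",
    8: "erase device",
    16: "query device information",
    32: "query network information",
    64: "inspect provisioning profiles",
    128: "install and remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "manage applications",
}
APP_MANAGEMENT = 4096

# Constructed sample: an unsigned enrollment profile granting every right (8191 = all
# thirteen bits) to a server the organisation has never heard of.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.enroll</string>
  <key>PayloadUUID</key><string>11111111-2222-3333-4444-555555555555</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadOrganization</key><string>Example Corp</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.enroll.mdm</string>
      <key>PayloadUUID</key><string>66666666-7777-8888-9999-000000000000</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>ServerURL</key><string>https://mdm.example.invalid/mdm</string>
      <key>CheckInURL</key><string>https://mdm.example.invalid/checkin</string>
      <key>Topic</key><string>com.apple.mgmt.External.aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</string>
      <key>AccessRights</key><integer>8191</integer>
      <key>IdentityCertificateUUID</key><string>12121212-3434-5656-7878-909090909090</string>
    </dict>
  </array>
</dict>
</plist>
"""


def load_profile(data: bytes) -> dict:
    """Parse an unsigned XML or binary plist profile.

    Signed profiles are CMS (DER) wrapped and begin with an ASN.1 SEQUENCE byte;
    verify and unwrap those first (for example with `openssl smime -verify`).
    """
    if data[:1] == b"\x30":
        raise ValueError("profile is CMS-signed; verify and strip the signature before parsing")
    return plistlib.loads(data)


def mdm_payloads(profile: dict) -> list:
    """Return every com.apple.mdm payload inside a Configuration profile."""
    return [p for p in profile.get("PayloadContent", []) if p.get("PayloadType") == "com.apple.mdm"]


def decode_access_rights(mask: int) -> list:
    """Translate the AccessRights bitmask into the rights it grants, lowest bit first."""
    return [name for bit, name in sorted(ACCESS_RIGHTS.items()) if mask & bit]


def triage(data: bytes, trusted_hosts=()) -> dict:
    """Summarise who the profile enrolls the device with and what they may do.

    trusted_hosts is the analyst's allowlist of legitimate enterprise MDM hostnames;
    anything else is flagged, as is app-management rights (the capability abused here).
    """
    profile = load_profile(data)
    findings = {
        "organization": profile.get("PayloadOrganization"),
        "mdm_servers": [],
        "rights": [],
        "can_manage_apps": False,
        "warnings": [],
    }
    for payload in mdm_payloads(profile):
        host = urlparse(payload.get("ServerURL", "")).hostname
        mask = int(payload.get("AccessRights", 0))
        findings["mdm_servers"].append(host)
        findings["rights"] = decode_access_rights(mask)
        findings["can_manage_apps"] = bool(mask & APP_MANAGEMENT)
        if host not in trusted_hosts:
            findings["warnings"].append(f"MDM server {host!r} is not a known enterprise MDM host")
        if mask & APP_MANAGEMENT:
            findings["warnings"].append("server may silently install and remove apps")
    if not findings["mdm_servers"]:
        findings["warnings"].append("no MDM payload: not an enrollment profile")
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROFILE).items():
        print(f"{key}: {value}")
```

On a real incident the profile can be exported from the device (Settings, General, VPN & Device Management) or recovered from the link or attachment the victim was sent; the hostname in ServerURL is the first pivot, since every enrolled device checks in to it.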
How did the hackers manage to exploit the MDM protocol?
Since MDM enrollment requires user interaction at every step, the researchers believe the attackers used social engineering to persuade the victims to enrol their devices.
Once a device was enrolled, the attackers used the MDM service to remotely install modified versions of legitimate apps such as WhatsApp and Telegram. The attackers injected malicious code into these otherwise legitimate apps in order to secretly spy on the users and steal their real-time location, contacts, photos, SMS and private messages from chat applications.
Although it is still not known who is behind the attack, the researchers believe the attackers were operating from India while posing as Russians.
Comments from Ankush Johar, Director at Infosec Ventures – an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes
Since MDM requires user interaction at every step, it is highly probable that the hackers used social engineering techniques to convince the users to either click “OK” or even give the attacker physical access to the device.
Installing an MDM certificate, whether on iOS or Android, is the highest level of permission that a user can give to an application, as it allows the application to do almost everything remotely and stealthily.
Although the attack seems to be targeting a very limited number of users, it gives us a picture of how dangerous giving physical access to an unknown person can be, especially in India, where a big chunk of middle-aged people who are not well connected with technology often go to a local mobile shop and ask them to configure their device with WhatsApp, Gmail, music and what not.
Humans are the weakest link in cybersecurity and hackers are well aware of that. It is easier to hack a head than a complicated computer system, and hence it is the users who have to take the necessary precautions to save themselves from these kinds of attacks. Remember: your security lies in your own hands. Think before you click!
2014 The Global Indian New Network (TGINN)