Apple has just revealed that it will introduce Lockdown Mode to all iPhone, iPad, and Mac devices.
Lockdown Mode is a setting that turns off certain features in order to protect users from intrusion and dangerous spyware.
Apple said the feature is an optional protection for journalists, activists and human rights defenders who are targeted by state-sponsored spyware.
As reported by Gizmodo on Thursday (7/7/2022), the feature comes as a response to several years of successful spyware attacks targeting thousands of iPhone users around the world.
By exploiting vulnerabilities in device security, spyware makers such as NSO Group, Candiru, and Cytrox can implant spyware on devices at the request of their government customers.
When enabled, the new mode disables certain functions and features that served as entry points for past spyware infections.
Lockdown Mode blocks most types of message attachments (a common delivery path for stealthy spyware), as well as wired connections to computers or other devices.
“Lockdown mode is an innovative feature that reflects our unwavering commitment to protecting users against the rarest and most advanced attacks,” said Ivan Krstić, Apple’s head of security engineering and architecture.
“While the vast majority of iPhone, iPad and Mac users will never fall victim to a highly targeted cyberattack, we will work tirelessly to protect minorities,” he said.
Dangerous Spyware Spies on Android and iOS Users
Google has warned users about spyware called Hermit, made by an Italian company, RCS Labs.
The Hermit spyware is designed not only to steal the victim’s data but also to record and place phone calls without the user’s permission.
Researchers Benoit Sevens and Clement Lecigne of Google’s Threat Analysis Group (TAG) revealed that RCS Labs deliberately infects Android and iOS phone users with its spyware.
The infection of users’ devices is carried out with the help of several Internet Service Providers (ISPs) in Italy and Kazakhstan, according to the TAG report as quoted by Security Affairs on Saturday (25/6/2022).
TAG found that seven of the nine zero-day vulnerabilities it discovered in 2021 were developed by commercial providers and sold to government-backed groups.
The research team tracks more than 30 vendors selling vulnerabilities or surveillance capabilities to government-backed organizations or institutions.
TAG’s analysis of RCS Labs found that its attacks always begin with a unique link sent to the target.
After clicking the link, the victim is redirected to a page designed to trick them into downloading and installing a malicious app on their Android or iOS phone.
Assisted by Mobile Operators
“In some cases, we believe the perpetrators worked with the target ISP to disable the target’s mobile data connectivity,” the Google report said.
Once connectivity is cut off, the attacker sends a malicious link via SMS asking the target to install an app to restore their data connection.
“We believe this is the reason why most apps masquerade as mobile carrier apps. When ISP involvement is not possible, the app is disguised as a messaging app.”
Google TAG researchers observed that RCS Labs sideloaded spyware onto iOS devices using an enterprise certificate.
The victim is then asked to allow the installation of apps from unknown sources.
In the case of Android devices, the attackers do not use an exploit at all; they simply trick victims into granting permission to install apps from unknown sources.
Predator Spyware Snoops on Android Phone Users
Separately, TAG also found that at least eight countries around the world purchased a series of zero-day Android security flaws from a company called Cytrox.
Those governments then use the flaws to install spyware on their targets’ smartphones and other devices.
According to Google’s latest report, as cited by Gizchina on Wednesday (25/5/2022), this development highlights the sophistication of the surveillance tools now available on the market.
These flaws are likely among the 58 zero-day vulnerabilities that Google identified in 2021. One of them was used by malicious Android spyware capable of eavesdropping on Android users’ conversations.
According to the Google research team, the growing number of zero-day flaws seen in 2021 reflects improved detection and discovery of zero-day vulnerabilities rather than increased exploitation by bad actors.
Although little information is currently available about Cytrox, researchers have revealed that the company is headquartered in Skopje, North Macedonia.