Apple’s iOS is known for the security and privacy it provides to its users. However, a recent exploit in Italy suggests that it is not the case.

Spyware called Exodus was affecting Android users and something similar has been found on Apple devices. Security researchers of the mobile security firm Lookout reported about the malicious app on Android and then on iOS.

This spyware app disguises itself as a customer support application from a mobile carrier. The app secretly steals contacts, audio, photos and videos and other sensitive data of the device like GPS data.

Exodus Spyware

Apple iOS security researchers suggest that looking at the behavior and structure the app has been developed by professional and has been developed in more than 5 years.

Suspects

There are several indications that the malicious app for iPhone iOS is made by an Italian video surveillance company called eSurv and another company called Connexxa which was acquired by eSurv.

Behind the Scenes

The Android version of the app used an exploit to gain root access to the device.

On the other hand, the Apple iOS version use technique called certificate pinning to its hide its network traffic. Security intelligence engineer Adam Bauer explains that this type of sophisticated work is certainly done by professionals.

The hackers used Enterprise certificates which are provided by Apple to software developers for internal company use which allows them to install the application without passing the stringent test of App Store.

It should be noted that Enterprise certificates are used by Apple iOS app developers to test applications on the devices

What happens next?

Enterprise certificates have been abused before by the developers to distribute pornographic and gambling apps on App store. However, Apple revoked access to the certificates for those developers.

Currently, Exodus for Android and iOS has been contained and blocked.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.