iOS Trojan Targets Hong Kong Protestors
First time accepted submitter Kexel writes: Security researchers have claimed to discover the first Apple iOS Trojan attack in a move to thwart the communications of pro-democracy Hong Kong activists. From the article: "The malicious software, known as Xsser, is capable of stealing text messages, photos, call logs, passwords and other data from Apple mobile devices, researchers with Lacoon Mobile Security said on Tuesday. They uncovered the spyware while investigating similar malware for Google Inc's Android operating system last week that also targeted Hong Kong protesters. Anonymous attackers spread the Android spyware via WhatsApp, sending malicious links to download the program, according to Lacoon. It is unclear how iOS devices get infected with Xsser, which is not disguised as an app."
Here's the actual analysis of the malware:
https://www.lacoon.com/lacoon-...
+1000 relevant. When any iOS malware is reported, the first question is, "does it require jailbreaking". To my knowledge all of the trojan/spyware/NSAware/etc require a jailbroken iPhone.
sudo apt-get install malware
Easy-peasy.
The Android attack vector is pretty clear. Oddly, they don't know how it spreads to iOS devices. If it's not spread as a malicious, sandboxed app, then how does it get on an iPhone?
How about:
a) Phone was jailbroken.
b) Phone had a modified iOS installed.
c) Some vulnerability exists in one of the built in apps that allows malicious software to be installed outside of the confines of the sandbox.
Given it's happening in China during the protests and with a large iOS device black market, I'm betting on (b) followed by (a) with a very slight chance of (c) and that this malware won't be seen in the rest of the world anytime soon.
Oh, by the way, the exploit to jailbreak iOS 7 was developed by a previously-unknown Chinese haX0r group. Just putting that out there.
Is this a story about iOS malware? Then you should require the answer to this question:
1. DOES IT REQUIRE JAILBREAK?
The only *interesting* iOS malware story is one that does not require jailbreak. I'm not aware of any; there may be some that use known or unknown exploits, but in this case the malware requires the user to have a jailbroken phone. That's not news or "stuff that matters".
Sincerely,
Slashdot Readers
Natural != (nontoxic || beneficial)
Sounds to me like they had this ready to go, even before the protests. I'd imagine that the percentage of jailbroken iOS devices in China markedly outstrips those in the western world, given the political climate and sandboxed internet there. It seems that the government was both aware of the devices and had the gun cocked and ready to fire.
As usual some ass hat doesn't read the article before commenting.
The article itself doesn't mention the jail break portion. How do you expect the poster to?
iOS 8.0.1 will disrupt cellular communications on an iPhone without the need to root the phone.
It's not a bug, it is a feature.
Fight Spammers!
https://www.lacoon.com/lacoon-...
"Cross-Platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation state. The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s the first iOS trojan linked to Chinese government cyber activity."
"If any question why we died, Tell them because our fathers lied."
Perhaps stories like this will make clear what the costs of disabling code signing really are, to be weighed against the incentive to disable it ...
Code for Pangu jailbreak was stolen from a well-known iOS hacker and security researcher i0n1c/Stefan Esser:
https://twitter.com/i0n1c/stat...
Well, considering that over 50% of all iOS devices are running iOS 8, and no jailbreak exists for this OS, I think there are a lot of people who haven't jailbroken their phones. Anecdotally, I don't know anybody that has done this. Oh wait, I know one guy but he was a bit of a wanker.
Generally the number of jailbroken iOS devices has hovered around 10%.
Not too many people do jailbreak because iOS is pretty much good enough, and each revision just adds less and less reason to do so. Sure there's always going to be folks who jailbreak to get it so they can customize every single thing like an Android phone, but for the most part, most users' reasons for jailbreaking disappear each new iOS revision.
(Remember, there are a LOT of iOS devices out there, so when a new jailbreak claims "1 million devices were jailbroken", that pales in comparison to numbers like 50+M iPhone5S's were sold or 10M iPhone6/6+ were sold.)
About the only reason people consistently jailbreak is... pirated apps, and even those have a non-jailbreak workaround involving cracked apps and enterprise signing certificates (which generally last only a short time because Apple invalidates them quickly). Even then the iOS piracy scene is tiny compared to Android. If you want apps for free, Android's really where it's at. It's far easier to find an app cracked for Android than it is for iOS. Usually because on Android what they do is they buy it, then refund it.