Hacking Team breach reveals vulnerability of jailbroken iPhone

7 July 2015

As reported, the Italian firm Hacking Team has suffered a massive breach of its company data, with 400GB of internal documents so far having been released and picked over by reporters and security researchers. Hacking Team’s customers are government agencies, including both law enforcement and national security, and the ostensibly legal software it sells to help them intercept communications includes not-yet-exploited vulnerabilities, known as zero-days. There have even been reports of correspondence between the Irish Defence Forces and Hacking Team regarding a purchase, according to a story posted on Medium under the account @BeYourOwnReason.

Much has been speculated before and after Edward Snowden’s release of a trove of National Security Agency (NSA) documents in 2013 about the capabilities of the United States’ agencies as well as those of allies and enemies. The Hacking Team dump reveals quite a bit more about the routine functions of third-party suppliers into that ecosystem, including specifically enumerated capabilities.

iOS jailbreak
iOS users should therefore take note that the long-running concern that jailbroken iPhones and iPads were susceptible to vulnerabilities, which could include access by so-called state actors, appears to be confirmed by the data breach.

Two security outfits, the commercial Kaspersky Lab in Russia and academic Citizen Lab in Canada, first revealed in June 2014 that they had discovered and decoded Hacking Team’s smartphone-cracking software. The reports at that time indicated that only jailbroken iOS devices could be hijacked, but that malware could be installed on an iOS device when it was connected to a compromised computer that had been confirmed as trusted.

That external analysis has now been complemented by the Hacking Team’s internal documents. One price list shows a €50,000 price tag on an iOS snooping module with the note, “Prerequisite: the iOS device must be jailbroken.”

While jailbreaking an iOS device to install software has been a continuously sought-after option, and one that is constantly revised by different parties as Apple fixes the exploits that allow it, there has always been a concomitant knowledge that jailbreaking renders an iPhone or iPad vulnerable. Apple is certainly protecting its ecosystem, but researchers agree it is also protecting system integrity.

Untrusted code
Nick DePetrillo, a principal security researcher at Trail of Bits, says, “Jailbreaking your iPhone is running untrusted third-party exploit code on your phone that disables security features of your iPhone in order to give you the ability to customise your phone and add applications that Apple doesn’t approve.”

DePetrillo takes no position on Hacking Team or side-loading apps, but notes that from a security perspective, the latest jailbreaking software is designed to obfuscate how it works, comes from teams based outside the United States, and disables several security features.

Although installing the malware on a jailbroken iOS device would seemingly require physical access, the related exploit of jailbreaking via malware installed on a trusted computer would allow bypassing that limitation.

Researchers have also found so far that Hacking Team has a legitimate Apple enterprise signing certificate, which is used to create software that can be installed by employees of a company who also accept or have installed a profile that allows use of apps signed by the certificate. It was shown last November that an enterprise certificate combined with a jailbroken iOS device could be used to bypass iOS protections on installing apps. Further, Hacking Team had developed a malicious Newsstand app that could capture keystrokes and install its monitoring software.

In a stunning bit of irony, Hacking Team had many of its online accounts at social media and other sites hijacked because of poor password choices, and because it stored passwords in forms that were easily readable by whatever party performed the data breach.

Protection measures
What can you do to protect yourself against Hacking Team and similar software? Most people are not in danger of having this software used against them, because Hacking Team’s approach focuses on individual devices rather than mass interception. (Other companies and agencies work on that.) Apple’s iOS security is apparently good enough that the only vectors to exploit are a jailbroken phone or a compromised Mac to which an iOS device is connected.

Should you never plug an iPhone or iPad into a Mac and click Trust when prompted? It is hard to say “never,” unless you are at risk of reprisal for your political activities in your country. Governments are known to use these sorts of techniques to pinpoint individuals of interest, because widespread use could disclose the techniques and allow operating system and other software makers to protect against them.

You can imagine that anything disclosed in this breach will be turned into fodder for Apple, Google, and others to fix wherever that is possible.

 

 

Glenn Fleishman, IDG News Service


TechCentral.ie