iPhone hacks developed by Italian company RCS Lab have been used by European law enforcement agencies, according to a new Google report. The hacking tool used a variety of exploits to allow the company’s customers to spy on private messages, contacts, and passwords.
However, Apple has patched all six vulnerabilities used in different versions of iOS (see below), so updating your iPhone will protect it from the hacking tool…
Details of the spyware were revealed by security researchers at Google’s Threat Analysis Group (TAG), whose mission is to detect and combat “targeted and government-backed hacking”.
Google said it has been tracking the activities of commercial spyware vendors for years, including RCS Lab.
Seven out of nine zero-day holes [across iOS and Android] the Threat Analysis Group discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG actively tracks more than 30 vendors with varying levels of sophistication and public visibility who sell exploits or monitoring capabilities to government-backed actors.
Today, along with Google’s Project Zero, we detail the capabilities we attribute to RCS Labs, an Italian vendor that uses a range of tactics, including atypical downloads as infection vectors, to target mobile users on both iOS and Android.
RCS Lab’s iPhone hack
The attacks are not as serious as those used by NSO’s Pegasus, as RCS requires iPhone owners to be tricked into clicking on a link. However, the company has come up with a reasonably clever way to do just that.
In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connection. Once disabled, the attacker sends a malicious link via SMS asking the target to install an app to restore their data connection. We think this is the reason why most of the apps are masquerading as carrier apps. When the ISP cannot be engaged, the apps are disguised as messaging apps.
The apps use an official Apple method for businesses to install internal apps on iPhones used by employees.
To distribute an iOS app, the attackers simply followed Apple’s instructions on how to distribute private internal apps on Apple devices and used the itms-services protocol with the following manifest file and using com.ios.Carrier as an identifier.
The resulting application is signed with a certificate from a company called 3-1 Mobile SRL (Developer ID: 58UP7GFWAA). The certificate meets all requirements for iOS code signing on any iOS device because the company was registered with the Apple Developer Enterprise Program […]
The application is divided into multiple parts. It contains a generic privilege escalation exploit wrapper that is used by six different exploits. It also has a minimal agent that is able to exfiltrate interesting files from the device, such as the WhatsApp database.
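A defender triaging a reported SMS lure can pull the manifest URL out of an itms-services link and inspect the manifest's metadata before anything is installed. The sketch below is an added example, not code from Google's report or from this article; the sample link, manifest, hosts and keyword list are constructed, and only the com.ios.Carrier identifier comes from the text above.

```python
import plistlib
from urllib.parse import urlparse, parse_qs

# Indicator taken from the article text; the keyword list is an assumption.
KNOWN_BAD_BUNDLE_IDS = {"com.ios.Carrier"}
LURE_KEYWORDS = ("carrier",)

# Constructed sample: a link and manifest in Apple's documented in-house format.
SAMPLE_LINK = ("itms-services://?action=download-manifest"
               "&url=https://cdn.example.invalid/manifest.plist")
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>items</key><array><dict>
<key>assets</key><array><dict>
  <key>kind</key><string>software-package</string>
  <key>url</key><string>https://cdn.example.invalid/app.ipa</string>
</dict></array>
<key>metadata</key><dict>
  <key>bundle-identifier</key><string>com.ios.Carrier</string>
  <key>kind</key><string>software</string>
  <key>title</key><string>Carrier Support</string>
</dict></dict></array></dict></plist>"""


def manifest_url_from_link(link):
    """Return the manifest URL inside an itms-services install link, else None."""
    parsed = urlparse(link.strip())
    query = parse_qs(parsed.query)
    if parsed.scheme != "itms-services" or query.get("action") != ["download-manifest"]:
        return None
    return query.get("url", [None])[0]


def triage_manifest(manifest_bytes):
    """Return one report dict per app listed in an install manifest."""
    reports = []
    for item in plistlib.loads(manifest_bytes).get("items", []):
        meta = item.get("metadata", {})
        bundle_id, title = meta.get("bundle-identifier", ""), meta.get("title", "")
        findings = []
        if bundle_id in KNOWN_BAD_BUNDLE_IDS:
            findings.append("bundle id matches published indicator")
        if any(k in (bundle_id + " " + title).lower() for k in LURE_KEYWORDS):
            findings.append("carrier-style naming outside the App Store")
        hosts = sorted({urlparse(a.get("url", "")).hostname or ""
                        for a in item.get("assets", [])
                        if a.get("kind") == "software-package"})
        reports.append({"bundle_id": bundle_id, "title": title,
                        "package_hosts": hosts, "findings": findings})
    return reports
```

The `package_hosts` field gives the download hosts to pivot on in proxy or DNS logs.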
Google says it found live examples of hacked phones in Italy and Kazakhstan, but CNN points out that RCS claims several European law enforcement agencies as customers, which makes it possible that iPhones in other countries have also been hacked.
Macworld notes that Apple has patched all of the iOS exploits used, so your phone is safe from all of them provided you have updated to at least iOS 15.2.
If you need to check which version of iOS you are using, you can do so in Settings > General > About. To update, go to Settings > General > Software Update.
Photo: Mehdi Bafandi/Unsplash