iPhones are one of the most powerful smartphones in the world today and are used to communicate and store large amounts of private information. iPhone spyware takes advantage of most features available on the device giving the person controlling the spyware access to phone calls, text messages, emails, WhatsApp messages and many many more. iPhone spyware has been commercialized over recent years, can be bought for as little as $39 and can be installed in under 5 minutes by a non-technical person.
How to Detect iPhone Spyware
Typical advice available online for iPhone spyware detection is mainly speculative and suggests the user checks for the following:
- Is the battery getting hot?
- Is the battery running down quickly?
- Can you hear a buzzing noise when on the phone?
- Is the device always on the Internet?
Whilst these are sometimes symptoms of iPhone spyware these are not definitive tests to ensure your device is free from malware. A digital forensic firm will normally be able to confirm if an iPhone has been hacked, but will normally charge hundreds or even thousands to perform a thorough examination of the device. At Certo Software we have a developed a tool to quickly scan your iPhone for the existence of both Jailbreak and spyware signatures.
Watch the video below to see how Certo iPhone can scan your iPhone or iPad for spyware in under 2 minutes.
Types of iPhone Spyware
There are 3 main types of iPhone spyware as below:
1. Hidden Spy App
The first and most common type of iPhone spyware is a Hidden Spy App that is installed on the device. Apple devices normally only allow the installation of trusted Apps from their App Store. These malicious apps are not approved by Apple and are therefore not available from the App Store. In order for an attacker to install this type of spyware on an iPhone the target device must first be Jailbroken, a process of lifting restrictions on an iOS device to allow installation of un-trusted App, such as spyware. If your device has been Jailbroken, but you did not knowingly do this yourself there is a chance someone else has Jailbroken your device in order to install spyware on it. This type of malware has been designed to be difficult to detect by the user and is usually invisible when examining the device. However tools like Certo iPhone can detect both Jailbroken devices and if any known spyware is installed on the device.
2. Masque Attack
Masque attacks have had significant media coverage over the last year as several companies have demonstrated that it is sometimes possible to install spyware on iPhones without Jailbreaking the device first. The attack works by replacing an existing trusted App (e.g. Newsstand or Weather) with a slightly modified version of the App that also contains spyware code to capture private information from the device and send it to the attacker. Unlike the above Spy Apps this attack requires significant technical ability and is not an “off-the-shelf” solution. It is also worth noting that Apple released a security patch in iOS 8.4 to stop this attack from working. Certo iPhone can also detect some Masque Attacks on iPhones and iPads.
3. iCloud Backup Attack
The first and second types of iPhone Spyware both require malicious code to be installed on the device, which can be detected upon examination. However, an iCloud Backup Attack works slightly differently and can be performed without having access to the target device. To orchestrate this type of attack the attackers will need to signup to a service such as mSpy and enter the target’s iCloud email address and password. As long as the target device is configured to backup to iCloud the attacker will then have access to the iPhone’s text messages, call logs, WhatsApp history and more. This type of attack is difficult to detect. If you think you might be a victim of any iCloud Backup Attack we recommend checking to see if your device is configured to backup to iCloud and change your iCloud password. Ideally you should enable two-factor authentication on your account – https://developer.apple.com/support/two-factor-authentication/