In our digital age, geopolitics plays out in cyber space as much as in physical space. The latest evidence comes straight from Hong Kong, where tens of thousands of pro-democracy demonstrators have been calling for the territory’s leader, C.Y. Leung, to resign. The police responded over the weekend with tear gas.
China’s cyber spies have reacted as well, with malicious software designed to infiltrate demonstrators’ iPhones and Android devices. Malware targeting iPhones is relatively rare. And an attack against both the Apple and Android operating systems is very unusual, and suggests a powerful organization behind it, according to Lacoon, a mobile security company that discovered the iOS-targeted spyware.
“Cross-platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation state,” Lacoon researchers wrote in a blog post yesterday. “The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s linked to Chinese government cyber activity.”
The opening salvo was a piece of malicious software disguised as an Android app to help activists coordinate protests. Lacoon, which focuses on helping companies protect mobile devices, began analyzing the program, including tracing the Internet sites with which the spying software communicated once installed. Such sites are known as “command and control” servers in cyber-security lingo.
In examining one of these sites, the researchers found another version of the malware, this one designed to steal information from iPhones. Everything on the site is written in Chinese, according to Lacoon. “We haven’t seen anything which has this level of sophistication on iOS, and we’ve never seen something that has a Chinese attribution,” says Michael Shaulov, Lacoon’s co-founder and chief executive officer.
Once it gets into your iPhone, the malicious program can access your contacts, text messages, call logs and pictures. It also gets inside one of the most sensitive locations on the iPhone, the keychain where other applications, including your email, store passwords.
Lacoon hasn’t been able to tell how the iOS malware is spreading—what kind of ruse or social engineering the hackers are using to get the software onto devices. It can only infect ones that have been “jailbroken,” meaning the users have removed the default limitations that the Apple operating system puts in place on what applications it can run. That aspect of the malware is something of a mystery, since few users actually do that, according to Shaulov.
One theory is that the hackers have developed a way to jailbreak Apple devices remotely through some undisclosed vulnerability, Shaulov says. It’s a possibility he says is pure speculation but scary nonetheless.
China only approved Apple’s new iPhone 6 for sale there this week, a move that had been held up by regulators’ questions about weaknesses in the operating system that might leak users’ personal data.