In our digital age, geopolitics plays out in cyberspace as much as in physical space. The latest evidence comes straight from Hong Kong, where tens of thousands of pro-democracy demonstrators have been calling for the territory’s leader, C.Y. Leung, to resign. Police responded over the weekend with tear gas.
China’s cyber spies have reacted as well, with malicious software designed to infiltrate demonstrators’ iPhones and Android devices. Malware targeting iPhones is relatively rare. And an attack against both the Apple (AAPL) and Android operating systems is very unusual, suggesting that a powerful organization is behind it, according to Lacoon, a mobile security company that discovered the iOS-targeted spyware.
“Cross-platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation state,” Lacoon researchers wrote in a blog post yesterday. “The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s linked to Chinese government cyber activity.”
The opening salvo was a piece of malicious software disguised as an Android app to help activists coordinate protests. Lacoon, which focuses on helping companies protect mobile devices, began analyzing the program, which included tracing the Internet sites with which the spying software communicated, once installed. Such sites are known as “command and control” servers in cybersecurity lingo.
In examining one of these sites, the researchers found another version of the malware—this one designed to steal information from iPhones. Everything on the site is written in Chinese, according to Lacoon. “We haven’t seen anything which has this level of sophistication on iOS, and we’ve never seen something that has a Chinese attribution,” says Michael Shaulov, Lacoon’s co-founder and chief executive officer.
Once it gets into your iPhone, the malicious program can access your contacts, text messages, call logs, and pictures. It also gets inside one of the most sensitive locations on the iPhone, the keychain in which other applications, which include your e-mail, store passwords.
Lacoon hasn’t been able to tell how the iOS malware is spreading—what kind of ruse or social engineering the hackers are using to get the software onto devices. It can only infect ones that have been “jailbroken,” meaning that users have removed the default limitations enforced by the Apple operating system on what applications it can run. That aspect of the malware is something of a mystery because few users do that, according to Shaulov.
One theory is that the hackers have developed a way to jailbreak Apple devices remotely through some undisclosed vulnerability, Shaulov says. This is a possibility that he says is pure speculation—and scary, nonetheless.
China approved Apple’s new iPhone 6 for sale there this week. The move was held up by regulators’ questions about weaknesses in the operating system that might leak users’ personal data.