- Security researchers have uncovered a highly targeted mobile malware campaign that has been operating since August 2015 and was found to be spying on 13 selected iPhones in India.
Highlights of the news
- Senior cyber crime officials confirmed that they had recently been alerted to the activities of a hacker based in India who deploys a mobile device management (MDM) system on targeted iPhones.
- Sources said that based on the study of the logs left behind by the malware, in use since August 2015, the hacker had enrolled at least 13 iPhones, all based in India.
- The attackers, who are also believed to be operating from India, were found abusing the mobile device management (MDM) protocol, a type of security software used by large enterprises to control and enforce policies on devices used by their employees, to control the targeted devices and deploy malicious applications remotely.
- Enrolling an iOS device in an MDM requires the user to manually install an enterprise development certificate, which enterprises obtain through the Apple Developer Enterprise Program.
- Companies can deliver the MDM configuration file through email or a webpage as an over-the-air enrollment service, using Apple Configurator.
- Once a user installs it, the service allows the company's administrators to remotely control the device, install/remove apps, install/revoke certificates, lock the device, change password requirements, etc.
- Since each step of the enrollment process requires user interaction, such as installing a certificate authority on the iPhone, it is not yet clear how the attackers managed to enroll the 13 targeted iPhones into their MDM service.
- However, researchers at Cisco’s Talos threat intelligence unit, who discovered the campaign, believe that the attackers likely used either a social engineering mechanism, like a fake tech support-style call, or physical access to the targeted devices.
- According to the researchers, the attackers behind the campaign used the MDM service to remotely install modified versions of legitimate apps onto target iPhones, which were designed to secretly spy on users, and steal their real-time location, contacts, photos, SMS and private messages from chat applications.
- To add malicious features to secure messaging apps such as Telegram and WhatsApp, the attacker used the "BOptions sideloading technique," which allowed them to inject a dynamic library into the legitimate apps.
- Any user whose device has been enrolled by the hacker can become the victim of a variety of crimes, including data theft, hacking of bank accounts or blackmail.
- The hackers themselves do not have to be interested in committing any of these crimes.
- They only need to sell the stolen data or access on the dark net to the highest bidder looking to commit such crimes.
- Over a three-year period, the attackers remained under the radar, likely because of the low number of compromised devices.
- For now it is unclear who the targets of the campaign were, much less who the perpetrator of the attack was or what its purpose was.
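To make concrete what a user hands over by accepting an MDM enrollment profile (the remote control of apps, certificates and passwords described in the enrollment bullets above, and the later warning that accepting an MDM certificate is equivalent to granting administrator access), here is an added Python example. It is not code from the original article or from Cisco Talos's research. It parses a constructed .mobileconfig enrollment profile with the standard library's plistlib and decodes the com.apple.mdm payload's AccessRights bitmask using the bit values documented in Apple's Configuration Profile Reference; the profile itself, its hostnames and its identifiers are placeholders made up for this example.

```python
"""Decode what an iOS MDM enrollment profile grants to its operator.

Added illustrative example, not code from the original article or from
Cisco Talos. The sample .mobileconfig below is constructed for this demo;
the payload keys and AccessRights bit values come from Apple's
Configuration Profile Reference for the com.apple.mdm payload.
"""
import plistlib

# AccessRights bitmask defined by Apple for the com.apple.mdm payload.
MDM_ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install and remove configuration profiles",
    4: "lock device and remove passcode",
    8: "erase device",
    16: "query device information (capacity, serial number)",
    32: "query network information (phone/SIM numbers, MAC addresses)",
    64: "inspect installed provisioning profiles",
    128: "install and remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "manage apps (install/remove)",
}

# Rights that amount to full administrative control of the handset.
HIGH_IMPACT = {2, 4, 8, 128, 2048, 4096}

# Constructed sample profile (XML plist), the kind delivered by email or a
# web page for over-the-air enrollment. Hostnames and IDs are placeholders.
SAMPLE_MOBILECONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.mdm-enroll</string>
  <key>PayloadDisplayName</key><string>Device Support Profile</string>
  <key>PayloadOrganization</key><string>Example Support Desk</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.mdm-enroll.mdm</string>
      <key>ServerURL</key><string>https://mdm.example.invalid/mdm</string>
      <key>CheckInURL</key><string>https://mdm.example.invalid/checkin</string>
      <key>Topic</key><string>com.apple.mgmt.External.placeholder</string>
      <key>AccessRights</key><integer>8191</integer>
      <key>CheckOutWhenRemoved</key><true/>
    </dict>
  </array>
</dict>
</plist>
"""


def decode_access_rights(mask):
    """Return the list of (bit, description) pairs granted by an AccessRights mask."""
    return [(bit, desc) for bit, desc in MDM_ACCESS_RIGHTS.items() if mask & bit]


def analyze_profile(data):
    """Parse a .mobileconfig and summarise each MDM payload it carries.

    Returns the profile's display name and organization plus, for every
    com.apple.mdm payload, the server URL, the raw and decoded rights, and
    a list of reasons the profile should be treated as administrator-level.
    """
    profile = plistlib.loads(data)
    findings = {
        "display_name": profile.get("PayloadDisplayName"),
        "organization": profile.get("PayloadOrganization"),
        "mdm_payloads": [],
    }
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        mask = int(payload.get("AccessRights", 0))
        rights = decode_access_rights(mask)
        flags = []
        if any(bit in HIGH_IMPACT for bit, _ in rights):
            flags.append("grants administrator-level control (profiles/apps/settings/erase)")
        server = payload.get("ServerURL", "")
        if not server.startswith("https://"):
            flags.append("ServerURL is not HTTPS")
        findings["mdm_payloads"].append(
            {"server_url": server, "access_rights": mask, "rights": rights, "flags": flags}
        )
    return findings


if __name__ == "__main__":
    result = analyze_profile(SAMPLE_MOBILECONFIG)
    print(f"Profile: {result['display_name']} ({result['organization']})")
    for p in result["mdm_payloads"]:
        print(f"MDM server: {p['server_url']}  AccessRights={p['access_rights']}")
        for bit, desc in p["rights"]:
            print(f"  [{bit:>4}] {desc}")
        for flag in p["flags"]:
            print(f"  ! {flag}")
```

A help desk or incident responder can run this over a profile a user has been asked to install (or one already found on an enrolled phone) to see, in plain words, which of the thirteen rights the operator would hold; a mask of 8191 grants all of them, which is exactly the "install/remove apps, install/revoke certificates, lock the device" control the article describes. The analysis only reads the plist; it does not contact the server or touch the device.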
India’s overall vulnerability to cyber attacks
- India emerged as the third most vulnerable country in terms of risk of cyber threats, such as malware, spam and ransomware, in 2017, moving up one place over the previous year, according to a report by security solutions provider Symantec.
- In 2017, 5.09% of global threats detected were in India (slightly less than 5.11% in 2016).
- The U.S. (26.61%) was the most vulnerable to such attacks, followed by China (10.95%), according to the 'Internet Security Threat Report'.
- The global threat ranking is based on eight metrics: malware, spam, phishing, bots, network attacks, web attacks, ransomware and cryptominers.
- As per the report, India continues to be the second most affected country by spam and bots, the third most affected by network attacks, and the fourth most affected by ransomware.
Efforts by the government to reduce vulnerability to cyber attacks
- In June, the Property Cell of the Mumbai Police Crime Branch busted a racket in which credit and debit cards of foreign nationals were being cloned by a gang of Indians.
- Coordinated efforts by all stakeholders are under way to counter the current threat.
- The Government of India took its first formal step towards cyber security in 2013, through the National Cyber Security Policy, 2013, issued by the Department of Electronics and Information Technology under the Ministry of Communication and Information Technology.
- In 2014, the Prime Minister’s Office created the position of the National Cyber Security Coordinator.
- In 2016, in response to the intrusions by the infamous hacker group 'Legion', the Ministry issued several orders and directives.
- These included the use of the National Payments Corporation of India (NPCI) to audit the financial sector, a review and strengthening of the IT Act, directives to the social networking site Twitter to strengthen its network, and directives to all stakeholders in the financial industry, including digital payment firms, to immediately report any unusual incidents.
- To combat cyber security violations and prevent their increase, the Government of India's Computer Emergency Response Team (CERT-In) in February 2017 launched 'Cyber Swachhta Kendra' (Botnet Cleaning and Malware Analysis Centre), a new desktop and mobile security solution for cyber security in India.
- It is important for iPhone users to not click on unverified links and refrain from sharing sensitive data through messages.
- Users must be aware that accepting an MDM certificate is equivalent to giving someone administrator access to their device, passwords, etc.
- This must be done with great care to avoid security issues, and it is not something the average home user should do.
- A National Cyber Security Agency (NCSA) is needed to address cyber security issues and improve implementation at the national level.
- It is suggested that such an agency be staffed with personnel technically proficient in both defensive and offensive cyber operations, to encrypt platforms and collect intelligence.
- In 2013, the Government set up the National Cyber Coordination Centre (NCCC) as a cyber security and e-surveillance agency, to screen communication metadata and coordinate the intelligence-gathering activities of other agencies.
- However, it must comply with and adhere to international privacy law standards.
- It is hoped that the Government’s initiatives can keep pace with the rapidly changing nature of cyber attacks.