“Su-A-Cyder” Lets Attacker Spy on Apple Devices easily, What you can do
Everybody was stunned when FBI controversial feud with Apple took a turn, unlocking the device from itself without notifying the company. However, FBI isnt the only one to apply its newly found way of cracking the devices , Mi3Security Chief Architect for R&D Chilik Tamir recently demonstrated at Black Hat Asia how his homegrown malware kit called Su-A-Cyder could do just that. The hack doesnt blame the vulnerability of the iOS security features, because it isnt. The security features built into iOS and the App Store are as strong as ever, but there are things that can easily be target.
Chilik presented Su-A-Cyder with a video, defining how the tool is capable of revolutionizing an “Evil” Skype application. To run a malware, You need to link a PC to an iPhone running any iOS, up until the latest Apple OS 9.3.1. Once Su-A-Cyder is administered it installs an app loaded with malicious features with some command line entries. The Evil Skype application for iPhone that looks like the real thing. It contains hidden features that would help a hacker siphon off data from the iPhone on which it’s installed. And that data could include GPS location history, contacts and more.
During his Black Hat presentation, Tamir noted that Apple requires all code for iOS-based apps be “properly signed with an Apple-provided certificate.” So replacing code, patching applications and repackaging iOS apps simply “should not be possible.”
READ ALSO -> How to Encrypt your Iphone Device
The tool also connects to Apple’s servers and creates new signed certificates re-signing the app, making it difficult to differentiate it from other original applications. Anyone with an email address that can be turned into an Apple ID and the ability to recode iOS apps can create malware like this. However, it doesn’t mean Apple’s security has been compromised. It just shows how easy it is to circumvent some of the safety features we take for granted in iOS.
In order to prevent yourself,make sure you always have your iPhone with you and to lock it with a PIN or password so that nobody can get into it without your consent. For those with a strong passcode, Su-A-Cyder, or similar tools, might not pose a threat. But even the most secured and locked iPhones can have their Data breached.