SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
28 Feb 2017

Paranoid spouses can spy on partners' iOS 10 devices with iCloud backups

Last week, experts demonstrated a piece of Android malware that can remotely turn on a smartphone's microphone, track the user's location, and intercept phone calls.

When buying similar spyware for iPhones, attackers typically need to jailbreak the device first so they can then install unauthorized apps — a technical barrier that may take some time.

But companies do offer monitoring solutions for iPhones that apparently work on iOS 10 devices and don't require a jailbreak. Instead, they take advantage of another aspect of Apple products that some users may overlook — iCloud backups. Although the method isn't sophisticated, and the attacker requires a target's Apple ID and password, it still highlights the options available to someone trying to monitor their spouse using off-the-shelf tools.

"Keeping tabs on the online activities of kids and employees on all iOS devices has gotten even simpler as jailbreak is no longer a prerequisite for Mobistealth to work," the website for Mobistealth, the company that sells the monitoring tool, reads.

According to the website, Mobistealth's non-jailbroken iOS solution can monitor call logs and the phone's contact list, steal photos stored on the device, read all WhatsApp conversations, and remotely track the location of the phone using GPS. It can also log other communication apps, such as WeChat, Kik and LINE. (The company also sells spyware for jailbroken iPhones, normal Android devices, and computers.)

Mobistealth markets its products towards business owners that want to monitor employees, or to help parents keep tabs on their children. However, several other websites, which include Mobistealth branding, advertise spyware as suitable for monitoring a partner. A YouTube video, which includes a Mobistealth referral link, markets the product for spying on a "cheating spouse." In other words, even if a company doesn't explicitly state its tool can be used to snoop on partners, third-party affiliates, who can make money from promoting products, still do so.

Experts contacted Mobistealth and asked whether one could use the company's products to spy on their wife or lover. "Yes," the representative said. When pressed about whether a user would need to obtain the target's consent first for legal reasons, or whether one can just use it to target a device without permission, the representative said, "Yes, you can do that."

As mentioned, Mobistealth uses a non-jailbroken iPhone's iCloud backup to obtain its data. According to Apple's website, "iCloud backups include nearly all data and settings stored on your device." An attacker needs the Apple ID and password of the phone they want to monitor. After registering that account with Mobistealth, the company will start pulling data straight away, Mobistealth's website reads. Ostensibly, the monitoring solution would no longer work if the password for the Apple ID was changed.

"Please note that iCloud backup is normally enabled on the device by default," it continues. An attacker does not need physical access to the device. Apple did not respond to multiple requests for comment. Some may think that requiring an Apple ID and password would make this attack fairly low risk, but that overlooks the complex threat many targets, especially victims of domestic violence, may face. An abuser can force a victim to give up their password; an attacker could provide the target with a pre-registered phone; or perhaps a married couple already shares passwords.

"You'll discover the thuth [truth] in a matter of matters," the caption of the affiliate YouTube video advertising Mobistealth's products reads. If you are concerned that consumer spyware may have been installed on your phone, here is some basic advice on what to do next. This piece has been updated to add that the monitoring solution likely would no longer work if the Apple ID password was changed.

Tags:
iCloud iOS surveillance
Source:
Motherboard
1913
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015