
Spying on iPhones a cinch with ‘Su-A-Cyder’ homegrown malware kit

If you've got a hankering for spying on Apple iPhones and the Federal Bureau of Investigation (FBI) isn't around to apply its newly found way of cracking the devices, Mi3Security Chief Architect for R&D Chilik Tamir recently demonstrated at Black Hat Asia how his homegrown malware kit called Su-A-Cyder could do just that.

With an unlocked iPhone, a PC and a decrypted app in hand, a malfeasant could use Su-A-Cyder to create spyware. Tamir released a video that showed the automation tool being used to create a malevolent Skype app that ultimately steals a phone's data.

During his Black Hat presentation, Tamir noted that Apple requires all code for iOS-based apps be “properly signed with an Apple-provided certificate.” So replacing code, patching applications and repackaging iOS apps simply “should not be possible.” However, as the researcher's demo showed, Su-A-Cyder is not only able to introduce malware features into an app, but it also can generate and re-sign new signing certificates, eventually using the original app as a host, so all appears to be in order.

The ability to sidestep Apple's safeguards, of course, opens a whole host of security concerns for both enterprises and individuals, Tamir noted in his Black Hat presentation.
