An “evil” version of Skype is uploaded to an Apple iPhone. A whitehat hacker created a tool that automates the process of turning good apps bad and uploading it to a non-jailbroken device.
Apple is known for some of the safest smartphones, as the FBI has found all too apparent recently. However, if you have an iPhone its best to quickly install a genuine safety software, as appears in new software called Su-A-Cyder, which computerizes the creation of quick and dirty spyware.
As revealed in the video below, the tool is capable of revolutionizing an “evil” Skype application. In order to run the malware, the user must link a PC to an iPhone running any iOS, up until the latest Apple OS 9.3.1. Once Su-A-Cyder is administered it installs an app loaded with malicious features with some command line entries. In the proof of conception, the software not only matches the Microsoft-owned app, but also the contextual data is gently being tapped off, from GPS locations to contacts.
An aspiring iOS hacker needs just a little access to an unlocked iPhone and a decrypted version of any targeted app which could easily be picked up from a pirate store, even Google searches will give you variations to probe into.
Su-A-Cyder creator Chilik Tamir said that not only it adds mischievous competencies to the software but also connects to Apple servers, generates different application signing certificates for the app and re-signs it making it seem like “kosher”. Subsequently, it installs the new developer provision on the device and then installs the malicious application on it.
Although Apple is hardly at fault here but Tamir took the liberty to upload apps to iPhones for anyone with an Apple ID since he thinks it’s a cake walk to just get an ID and install software. If ever spreading malware gets caught, and Apple annuls their account, all they need to do is get a new email and a fresh ID and start re-creating iPhone spyware. Tamir chief architect for research and development at Mi3 Security added that anyone with a device is capable of turning into an evil entity. Any spiteful employee could easily grasp a co-worker’s iPhone and upload malware imitating corporate software like healthcare Apps etc.
The other apps will supposedly be safe at iOS but phone features can be accessed easily by misusing private application programming interfaces – the app code which allows external access to some features. However, a nasty Skype app could breach the user’s camera, or geolocation, which users mostly get conned for as it seems totally legit.
This malicious attack especially works for spying on one’s family. Several commercial malware types such as – mSpy and FlexiSpy as they are pretty alike having similar device requirements for accessing and uploading software. Those malware types are advertised as child monitoring applications though also malfunctioned as use on abused spouses.
Su-A-Cyder caters to those with zero expertise yet wanting not to pay for spying on their closed ones. For those with a strong passcode, Su-A-Cyder, or similar tools, might not pose a threat. But even the most secured and locked iPhones can have their Data breached as researchers have found a way around passcodes. Spaniard Jose Rodriguez, who has repeatedly uncovered iOS exploits in the past, got his way around accessing contacts and pictures on iPhone 6S and 6S+ devices, a flaw later fixed by Apple.
For now, the FBI is currently aiding police agencies to break into iPhones throughout America after it exposed an exploit that allowed it to access the 5C device allegedly owned by San Bernardino terrorist Syed Rizwan Farook.
Even it is dubbed as safe and secure even the giant Apple is vulnerable to hacking, we question the data safety on its competitor devices.