

Advanced iOS virus targeting Hong Kong protestors - tshtf
http://www.reuters.com/article/2014/09/30/hongkong-china-cybersecurity-apple-idUSL2N0RV2D320140930

======
devindotcom
The original post describing the malware in detail:

[https://www.lacoon.com/lacoon-discovers-xsser-mrat-first-advanced-ios-trojan/](https://www.lacoon.com/lacoon-discovers-xsser-mrat-first-advanced-ios-trojan/)

Also worth noting is that they don't have an attack vector for it at present
or any evidence it's been deployed. Seems like an 'in development' version
that was latent on the control servers, since you have to jailbreak and get
the package through Cydia.

~~~
thefreeman
Thanks, this should really be the link. The current one is pretty fluffy.

~~~
sbuk
It's more than pretty fluffy; it's downright misleading.

------
joshwa
See also: Android spyware app targeting Occupy Central protesters:

[https://code4hk.hackpad.com/Fake-Code4HK-Mobile-App-HQXXrylI6Wi](https://code4hk.hackpad.com/Fake-Code4HK-Mobile-App-HQXXrylI6Wi)

[http://www.scmp.com/news/hong-kong/article/1594667/fake-occupy-central-app-targets-activists-smartphones](http://www.scmp.com/news/hong-kong/article/1594667/fake-occupy-central-app-targets-activists-smartphones)

------
dmishe
Ok so it's only jailbroken devices, again.

~~~
cskau
Still quite significant with older reports indicating more than a third of all
Chinese iPhones are jailbroken:

[http://technode.com/2011/05/03/around-35-percent-of-ios-devices-in-china-are-jailbroken-umeng-report/](http://technode.com/2011/05/03/around-35-percent-of-ios-devices-in-china-are-jailbroken-umeng-report/)

If you can trojan one in three iPhones, that's a hell of a severe security
issue.

~~~
dubcanada
Is it really their fault if people jailbreak devices? I tend not to think it
is.

~~~
MBCook
The entire purpose of a jailbreak is to bypass the security protections on the
device.

It should be a known risk. I imagine many people don't know (friend told them
"this is how you install this weird thing", "this lets you customize icons",
"this lets you get apps for free"), but this _is_ the purpose of jailbreaking.

~~~
m0dest
After spending some time in Hong Kong, these are the motivations that I've
seen for jailbreak:

1. Piracy. Apps are expensive on iOS, but Hong Kong loves brands. Having an
iPhone is a fashion symbol. Also, access to pirated _content_ (video/music) is
a big deal in HK; content is often expensive or unavailable in the region.
Content piracy apps, such as BitTorrent clients, Baidu music downloaders, and
some MKV-friendly video players, are only available after jailbreaking.

2. Carrier unlock. iPhones sold in Hong Kong are carrier-unlocked, but
imported iPhones are often carrier-locked. To force a carrier unlock, you must
jailbreak your phone. As a result, a lot of iPhones in HK are either
jailbroken to allow carrier unlock or use hardware-based SIM card hacks.

3. Tethering. In HK, most data plans did not allow for free tethering (at the
time I was there). Jailbreak allows "illicit" tethering that uses the same
data plan, without informing the carrier about how the data is being used.

So, don't assume that jailbreakers are necessarily ignorant.

It's unfortunate that jailbreaking comes with non-obvious security
compromises.

~~~
M4v3R
All the points that you raised are either plain illegal (piracy) or against
terms of services you use (tethering). Not sure about carrier unlock in HK,
because for example in my country (Poland) it's legal to unlock your phone and
there's even this law that every carrier has to provide means to remove the
simlock off the device after the end of their contract.

------
dendory
I know it's an old argument, but they don't have an attack vector and thus no
known infection, because iOS is locked down, so only jailbroken devices would
be at risk. Say what you will against Apple's tight control over their
ecosystem, but between keeping the NSA out of our phones' data and things like
that ineffective, it'll keep being a plus for me.

~~~
saurik
Only "jailbreakable" devices are at risk: it doesn't matter if the exploit has
already been used or not, the issue is that an exploit is possible on your
device.

------
savoytruffle
My activist, iPhone-using friend in Hong Kong had not heard of this yet, as of
right now (around 11:30 AM Hong Kong time).

------
c3d
Most people assumed that the Apple encryption was designed in reaction to NSA
intrusion into everybody's privacy. But it might also be a strong sales
argument in markets where intrusion into people's devices is just normal.

~~~
probablyfiction
The encryption won't prevent spyware from reading information on an active
device. Once the user is logged into the device, the spyware will have access
to the OS. These are two separate issues.

------
igonvalue
> The code used to control that server is written in Chinese

Chinese is a programming language?

~~~
MBCook
I assume they mean variable names/comments/strings found in the program, but
you're right, that was a poorly written sentence.

