

Jailbreaking not a requirement for infecting iPhones with Hacking Team spyware - xasos
https://blog.lookout.com/blog/2015/07/10/hacking-team/

======
chainsaw10
So, apparently they created an app with an enterprise certificate that has a
transparent icon in the newsstand app.

The enterprise certificate (now revoked) bypasses the App Store review, as is
well understood.

However, the app still needs permissions. It asks for permissions. So, if I'm
reading correctly, it would require physical access to activate.

Not quite as scary as the title would show. I'd say "install" rather than
"infect" because there seemingly, unless I missed something (which it's
possible I did) there's _no actual exploit involved_.

If you let someone else run software on your device, and allow them to grant
permissions, then obviously they can steal your data. The only reasons that
make this notable are the enterprise certificate and transparent icon. (And of
course the source)

So read the article, but the title is a tad misleading.

EDIT: Thinking about it some more, I should point out that the article is
fairly well written. Also, we consider computer spyware that doesn't use an
exploit an "infection", so I guess it's valid, but still misleading. Great and
informative article though.

