For those that believe that Apple’s industry leading smartphone is impervious to viral or spyware infections then it would be the right time to brace yourself for some bad news that it just isn’t the case. A mobile variant of the commercial FinFisher spyware, produced by the United Kingdom-based Gamma Group, is capable of assuming control of a range of popular smartphones, including those made by Cupertino-based Apple and struggling technology company, Research In Motion (RIM).
According to a recent study from Citizen Lab of the Toronto Munk School of Global Affairs, the spyware in question has the capability to track the location of the device using the embedded GPS hardware, monitor incoming and outgoing e-mails and text messages, and perhaps the most frightening one: it can toggle the microphone of the device on or off to listen to what’s happening at any given time. As part of the research, the team involved hoped to demonstrate the reach that this type of spyware has and how it can be used to effectively track the every move of the unaware user.
There has only been a few collected code samples of the spyware in action on mobile devices and that should raise an alarm considering it looks like it is compatible with all major mobile operating systems, including iOS, Android, Symbian, Windows Phone and BlackBerry. It is even more concerning that the research into the available code samples of the mobile variant of the Trojan suggest that it is able to get onto the devices through specially created e-mails that are opened inadvertently by the owner of the device. Although sighted on most major mobile platforms, the iOS version of the modified spyware seems to be executable on devices running iOS 4 and above, which doesn’t really bring any comfort, considering the large percentage of users who are running one of those firmware versions.
The virus also manages to make itself well and truly at home by downloading code in the background without the user’s knowledge before injecting the downloaded code into background processes that are executed during startup. The virus also seems to identify itself in different ways depending on the platform that it is found on. On iOS, the binary references show as "FinSpyV2", in Android it shows as "Android Services" and Symbian it shows as "System Update".