Your iPhone may not be as safe from hacking as previously thought, security experts say

PUBLISHED : Friday, 07 August, 2015, 7:15am
UPDATED : Friday, 07 August, 2015, 10:03am

Hackers have been able to remotely break into and spy on Apple's iPhones, previously considered one of the world's most secure mobile devices, researchers revealed this week. 

According to experts, data leaked in the recent attack on Italian cybersecurity firm Hacking Team showed the firm had developed a comprehensive mobile spying suite, capable of targeting users of Android devices, Blackberries and iPhones. 

Hacking Team has gained followers and detractors alike for selling bespoke spying and surveillance tools to governments and law enforcement agencies around the world. 

READ MORE: As Android phones become major target for hackers, Google and Samsung to release monthly security fixes

Those spying tools have now been released into the public domain. 

"The apps are fully developed, an attacker only needs to configure command and control server URLs to deploy an attack," said FireEye senior director for mobile development Raymond Wei. 

On an iPhone, the spying app uses a bug in the device's code to replace an existing app with a version modified to monitor user behaviour and send information to the remote attacker.

"[The] app can gather sensitive information, including contact information, calendar reminders and events, photos, precise GPS coordinates, and send to the remote server," Fireye said in a statement.

The attack is based on exploiting Apple's enterprise app solution, which is designed to allow businesses to install private apps on their employees' devices. 

While Apple issued a patch for the exploit at the start of the year, this depends on users updating their devices consistently.

As of February 2015, the majority of iPhones and iPads were using iOS 8, the most recent version, but at least 25 per cent were using older versions, according to official Apple figures. 

Apple has long emphasised its greater security over rival Android, which Apple chief executive Tim Cook once called a "toxic hellstew" of vulnerabilities and security issues. 

Google was criticised earlier this year when it said it would not issue security patches for early versions of Android, which are still used as many devices cannot run the most up-to-date operating system and some manufacturers delay the update cycle. 

However, as mobile devices become ever more attractive targets for hackers, and attacks become more sophisticated, security should not be taken for granted regardless of the device being used, Wei said. 

"iOS certainly has other vulnerabilities. It's likely that other tools exist to exploit these," Wei said. 

Apple did not respond to a request for comment.