Hermit Spyware - Apple stops iPhone spying by revoking certificates

The Italian software company RCS Lab has developed software called Hermit to spy on smartphone users. Hermit can be installed via sideloading on both iOS and Android. Anyone who becomes a target of the espionage receives an important-looking message or SMS with a link. If this link is tapped and the spyware, camouflaged as a telecommunications or messenger app, is installed, data can be tapped. This includes audio from the microphone, photos, messages, emails and location. In addition, calls can be diverted. Apple was able to block Hermit by revoking the software certificates.

RCS Lab's Hermit spyware from Italy can be used to spy on iPhones running iOS and on Android smartphones. However, Apple has now stopped the sideloading of this software. Details and additional sources can be found here.

How does Hermit Spyware get on the iPhone?

Apple is strictly against sideloading and speaks out against downloading apps from outside the iOS App Store at every opportunity. However, companies have the option to install specially certified apps from outside the App Store on their company iPhones. It is precisely this loophole that RCS Lab used for its Hermit spy software. The application, disguised as an app for regular communication, then served the purposes mentioned above. According to 9to5Mac, the software was bought by people close to governments. People from Italy and Kazakhstan were monitored with it.

All details, technical background and code are available from the Google Threat Analysis Group (TAG), which recently published an extensive analysis of the spyware: "Spyware vendor targets users in Italy and Kazakhstan".

How did Apple contain the danger for iPhone users?

As mentioned above, there are specific certificates for companies that sideload apps. If an app or tool doesn't have this kind of permission, it can't be used on the iPhone, even in the secure sandbox environment. RCS Lab obtained such a certificate in order to get Hermit onto Apple smartphones. To prevent this in the future, Apple revoked the certificate, so it no longer authorizes the software to be installed and run. This is another reason why it is always important to have the latest version of iOS installed, so that queries from security components meet the necessary requirements.

Is there / was there a risk for the broad masses of iPhone users?

No. Professionally developed spy software used by governments or government-affiliated entities is in many cases aimed at journalists, political opponents, activists and people who want to defend human rights. Broad or random use is not intended. The known version of the Hermit spyware currently poses no danger because, as described above, infection via sideloading and execution on iPhones are prevented. Whether Apple will sue RCS Lab, as it did NSO Group over the Pegasus spyware, time will tell.

What are your thoughts on the topic? Are you worried about spy software or stalkerware? Or do you think the iPhone with the latest iOS is safe enough not to worry about it? Feel free to leave a comment on the topic!
