Microsoft and Citizen Lab have discovered commercial spyware, made by the Israel-based company QuaDream, that was used to compromise the iPhones of high-risk individuals through a zero-click exploit named ENDOFDAYS.
The attackers exploited a zero-day vulnerability in iOS using backdated, “invisible” iCloud calendar invitations. An invitation whose date lies in the past is added to the user’s calendar automatically, without any notification or prompt, so the ENDOFDAYS exploit runs without any user interaction and the target sees nothing. The spyware also contains a self-destruct feature that removes various traces the spyware itself leaves behind.
The spyware is capable of:
– Recording audio from phone calls
– Recording audio from the microphone
– Taking pictures through the device’s front or back camera
– Exfiltrating and removing items from the device’s keychain
– Hijacking the phone’s Anisette framework and hooking the gettimeofday syscall to generate iCloud time-based one-time password (TOTP) login codes for arbitrary dates.
– Running queries in SQL databases on the phone
– Cleaning remnants that might be left behind by zero-click exploits
– Tracking the device’s location
– Performing various filesystem operations, including searching for files matching specified characteristics
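The Anisette item above is worth a closer look, because it explains why hooking a clock syscall is enough to mint login codes for dates of the attacker’s choosing. A TOTP code (RFC 6238) is just an HMAC over the current Unix time divided into 30-second steps, so the only per-call input is whatever the generator believes the time is; feed it a fake time and it emits the code a verifier will accept at that instant. The Python below is an added illustration of that property, not QuaDream’s code and not an implementation of Apple’s actual Anisette or iCloud logic, which the page does not describe. It implements standard HOTP/TOTP from the RFCs with an injectable clock; the `frozen_clock` helper, the `demo()` function and the 2030 target date are constructed for the example.

```python
import hashlib
import hmac
import struct
import time
from datetime import datetime, timezone


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, clock=time.time, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """RFC 6238 TOTP. Everything is fixed except what clock() reports,
    which is exactly the value a hooked gettimeofday would control."""
    counter = int(clock()) // step
    return hotp(secret, counter, digits, digestmod)


def verify_totp(secret: bytes, code: str, clock=time.time, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check with the usual +/-1 step tolerance (constructed verifier)."""
    counter = int(clock()) // step
    return any(
        hmac.compare_digest(hotp(secret, counter + k, digits), code)
        for k in range(-window, window + 1)
    )


def frozen_clock(when: datetime):
    """Stand-in for a hooked gettimeofday: always reports the chosen instant
    instead of the real time. Requires a timezone-aware datetime (assumption)."""
    if when.tzinfo is None:
        raise ValueError("use a timezone-aware datetime")
    ts = when.timestamp()
    return lambda: ts


def demo() -> dict:
    """Pre-generate a code for a future date with the fake clock, then show that a
    verifier whose clock has genuinely reached that date accepts it."""
    secret = b"12345678901234567890"          # RFC 6238 test-vector seed (ASCII)
    target = datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed date
    precomputed = totp(secret, clock=frozen_clock(target))
    accepted = verify_totp(secret, precomputed, clock=frozen_clock(target))
    return {"code": precomputed, "accepted": accepted}


if __name__ == "__main__":
    # RFC 6238 reference vector: SHA-1, 8 digits, T=59 -> 94287082
    print(totp(b"12345678901234567890", clock=lambda: 59, digits=8))
    print(demo())
```

The practical consequence for defenders is that once the secret and the clock are both under the attacker’s control on the device, TOTP offers no replay protection at all: the codes can be produced offline, for any date, long after the implant has self-destructed. Revoking the underlying secret, not just the session, is the only effective remediation.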