On March 27, 2023, the Biden Administration issued an Executive Order (EO) prohibiting federal agencies from operationally using commercial spyware that poses risks to national security or has been misused against human-rights defenders. According to senior administration officials, the order “is intended to grapple with the rapidly growing and lucrative international marketplace of cyber-intrusion tools that can break into someone’s phone—often with malware that doesn’t require the victim to click on a malicious link or attachment—and spy on them undetected for months or years.” (source: Wall Street Journal).
Yesterday, mobile spyware was the subject of two articles in the Wall Street Journal. One of them discussed how Russia supplies Iran with advanced cyber surveillance software, including mobile spyware. The Wall Street Journal stated, “Russia’s PROTEI Ltd has begun providing internet-censorship software to Iranian mobile-services provider Ariantel, according to documents published by the Citizen Lab, a University of Toronto-based research center. Citizen Lab said there is evidence that the PROTEI tools are part of a developing mobile-phone system that would ‘enable state authorities to directly monitor, intercept, redirect, degrade or deny all Iranians’ mobile communications, including those who are presently challenging the regime.’”
This blog is not meant to convey any political message, but I want to highlight the increasing threats facing government entities and corporations worldwide. Two articles about mobile spyware appearing on the same day in one of the most trusted media outlets is no coincidence, and it should be a wake-up call for every CEO and CISO. These threats are real and growing, and they no longer affect only government entities and high-profile targets such as journalists and activists: every corporate employee who carries a phone is a potential target. Mobile spyware is here to stay and continues to become more harmful.
Have You Checked Your Device for Spyware?
Let’s explore what spyware can do once it’s on your device. Mobile spyware can track a user’s location, read their contacts, read SMS and other messaging-app conversations, activate the microphone and camera, log keystrokes, and capture live voice and video calls, among other things. Once installed, there is little difference between the capabilities of state-sponsored spyware and those of the spyware bundled with applications that are sideloaded or obtained from third-party app stores.
The real difference in sophistication is the installation vector. Pegasus has been delivered through zero-click exploits that require no user interaction at all. Predator, the “spyware-for-hire” surveillance tool, has typically used a one-click malicious link as the initial vector: the link drops a loader onto the device, and the loader then installs the spyware. Less sophisticated spyware is installed through other mechanisms, such as social engineering and phishing, rogue Wi-Fi networks, and malicious or sideloaded apps. Regardless of how it’s installed, spyware is dangerous for every corporation.
Several government agencies and commercial organizations are trying to protect against spyware by banning specific applications on their mobile devices. Although that is a step in the right direction, it doesn’t scale. Security teams have very limited visibility into which devices actually have these rogue or “banned” applications installed. Additionally, much spyware ships as an SDK that can be embedded in hundreds of otherwise legitimate applications, so a per-app blocklist never sees it. Lastly, new spyware samples appear every day, so a static list is always behind. In 2022 alone, Zimperium zLabs discovered over 3,000 new samples of spyware.
How Zimperium Mobile Threat Defense (MTD) Can Help
To understand your risk posture and defend against mobile spyware, corporations need a solution that can proactively protect against the initial attack vectors, such as rogue Wi-Fi networks, phishing, and malicious or sideloaded apps. The solution must also be able to identify and block traffic to the spyware’s command-and-control and data-exfiltration backends, even when the spyware is an SDK embedded inside an otherwise approved application.
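To make the two points above concrete (a per-app blocklist gives little visibility and misses SDK-based spyware, whereas watching for traffic to known spyware backends catches it even inside an approved app), here is a small triage script. It is an added example for this post, not Zimperium code and not part of any Zimperium product. It parses a constructed `adb shell pm list packages -3 -i` listing (third-party apps with their installer, where `installer=null` is what a sideloaded or adb-installed app looks like) and a constructed per-app connection log in a format of my own. The trusted-installer set, the banned package, and the malicious hostnames (`*.invalid` domains) are all hypothetical indicators chosen for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Installers this (hypothetical) security team trusts: Google Play and the Samsung store.
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Hypothetical per-app blocklist, the "ban specific applications" approach.
BANNED_PACKAGES = {"com.shady.cleaner"}

# Hypothetical spyware backends (SDK telemetry host and a C2 host); not real indicators.
MALICIOUS_HOSTS = {"telemetry.example-sdk.invalid", "c2.example-spy.invalid"}

# Constructed output of `adb shell pm list packages -3 -i` (third-party packages only).
PM_LIST = """\
package:com.example.bank  installer=com.android.vending
package:com.example.weather  installer=com.android.vending
package:com.shady.cleaner  installer=null
package:com.example.notes  installer=com.sec.android.app.samsungapps
package:com.example.vpn  installer=null
"""

# Constructed per-app connection log; the format is invented for this example.
NET_LOG = """\
2023-04-04T10:00:01Z pkg=com.example.bank dst=api.bank.example:443
2023-04-04T10:00:05Z pkg=com.example.weather dst=telemetry.example-sdk.invalid:443
2023-04-04T10:00:09Z pkg=com.shady.cleaner dst=c2.example-spy.invalid:8443
2023-04-04T10:00:12Z pkg=com.example.vpn dst=vpn.example:1194
"""

PM_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")
NET_RE = re.compile(r"^\S+ pkg=(?P<pkg>\S+) dst=(?P<host>[^:\s]+):(?P<port>\d+)$")


@dataclass(frozen=True)
class Finding:
    package: str
    reason: str
    detail: str


def parse_pm_list(text: str) -> Dict[str, Optional[str]]:
    """Map package name -> installer package, or None where pm printed 'null'."""
    installed: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        m = PM_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a package line
        inst = m.group("inst")
        installed[m.group("pkg")] = None if inst == "null" else inst
    return installed


def classify_packages(installed: Dict[str, Optional[str]]) -> List[Finding]:
    """The blocklist/sideload view: what a per-app policy can see."""
    findings: List[Finding] = []
    for pkg, inst in sorted(installed.items()):
        if pkg in BANNED_PACKAGES:
            findings.append(Finding(pkg, "banned", "on the organisation's blocklist"))
        if inst is None:
            findings.append(Finding(pkg, "sideloaded", "installer=null, not from a trusted store"))
        elif inst not in TRUSTED_INSTALLERS:
            findings.append(Finding(pkg, "untrusted-installer", f"installed by {inst}"))
    return findings


def find_malicious_backends(log_text: str, installed: Dict[str, Optional[str]]) -> List[Finding]:
    """The network view: any app talking to a known spyware backend, approved or not."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = NET_RE.match(line.strip())
        if not m or m.group("host") not in MALICIOUS_HOSTS:
            continue
        pkg = m.group("pkg")
        # A store-installed, non-banned app reaching a spyware backend is the SDK case:
        # the app passes the blocklist, but its traffic gives the embedded spyware away.
        if pkg in BANNED_PACKAGES or installed.get(pkg) is None:
            reason = "malicious-backend"
        else:
            reason = "malicious-backend-in-approved-app"
        findings.append(Finding(pkg, reason, f"contacted {m.group('host')}:{m.group('port')}"))
    return findings


def triage(pm_text: str = PM_LIST, log_text: str = NET_LOG) -> List[Finding]:
    installed = parse_pm_list(pm_text)
    findings = classify_packages(installed) + find_malicious_backends(log_text, installed)
    return sorted(set(findings), key=lambda f: (f.package, f.reason))


if __name__ == "__main__":
    for f in triage():
        print(f"{f.package:24} {f.reason:34} {f.detail}")
```

On the constructed data the blocklist alone flags only `com.shady.cleaner`, and the sideload check adds `com.example.vpn`; neither says anything about `com.example.weather`, which came from Google Play and is not banned, yet is the app that contacts the SDK telemetry host. Only the backend check surfaces it, which is the point of requiring traffic-level blocking rather than an app list.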
Government entities and corporations using the Zimperium Mobile Threat Defense (MTD) solution are protected from spyware and its installation mechanisms. Zimperium’s phishing protection, which stops users from reaching malicious links, is a crucial part of this and runs on our on-device threat detection engine, delivering privacy-focused, on-device zero-day detection.
To ensure your employees and enterprise are protected from spyware and other pervasive mobile threats, contact us today.