Hacker deploys mobile device management system that acts as malware to take control of iPhones

If you are an iPhone user, beware: cyber crime and intelligence agencies have started tracking an operation that hijacks iPhones in India.

Senior cyber crime officials confirmed to The Hindu that they had recently been alerted to the activities of a hacker based in India who deploys a mobile device management (MDM) system on targeted iPhones.

Steals messages

An MDM system gives its operator remote control over every device enrolled in it, including the ability to push apps and configuration profiles. In this case it was used as malware: it pushed tampered versions of the messaging applications WhatsApp and Telegram to the enrolled phones, giving the hacker access to the target’s messages.

Sources said that a study of the logs left behind by the malware, which has been in use since August 2015, showed that the hacker had ‘enrolled’ at least 13 iPhones, all in India. “Information suggests that the hacker is using an Indian cell phone number, with the roaming facility not enabled, which leads us to believe that the hacker is based in India. There were also attempts to mislead by using a Russian email platform to issue the certificates to the target users’ phones, a known tactic employed by hackers to avoid detection,” a senior cyber crime officer said.

On July 12, Cisco Talos, the networking company’s threat intelligence group, published details of this malicious operation, assessing “with high confidence” that the person behind it is based in India. Talos found that the apps pushed through the MDM were designed to send photos and messages from the victim’s phone to a remote server.

Since enrolling an iPhone in an MDM requires the user to accept several prompts, Talos assesses that the attacker either had physical access to the phones or used social engineering to convince the victims that what they were installing was legitimate.
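Enrolment is the step at which the phone hands over control, so the practical check is to look at what a profile asks for before tapping ‘accept’. The following Python script is an added example, not code from this article, The Hindu or Cisco Talos: it parses an iOS configuration profile (a `.mobileconfig` plist) and reports what an embedded MDM payload would let its operator do. The access-right bit meanings follow Apple’s MDM protocol documentation; the sample profile, its hostnames and the `trusted_hosts` allow-list are constructed for this example.

```python
"""Inspect an iOS configuration profile and report what an MDM payload grants.

Added example (not from the article, The Hindu or Cisco Talos). AccessRights
bit values are from Apple's MDM protocol documentation; the sample profile and
its hostnames below are constructed for this demonstration.
"""
import plistlib
from urllib.parse import urlparse

# AccessRights bit flags of a com.apple.mdm payload (Apple MDM protocol docs).
ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install and remove configuration profiles",
    4: "lock the device and remove the passcode",
    8: "erase the device",
    16: "query device information",
    32: "query network information",
    64: "inspect installed provisioning profiles",
    128: "install and remove provisioning profiles",
    256: "inspect installed applications",
    512: "query restrictions",
    1024: "run security queries",
    2048: "manipulate settings",
    4096: "manage apps (install and remove applications)",
}

# Rights that amount to a full takeover of the phone. 4096 is the one that
# lets an operator push apps such as a tampered WhatsApp or Telegram build.
HIGH_IMPACT_BITS = (2, 4, 8, 4096)


def decode_access_rights(rights: int) -> list:
    """Expand an AccessRights bitmask into human-readable capabilities."""
    return [desc for bit, desc in sorted(ACCESS_RIGHTS.items()) if rights & bit]


def analyse_profile(profile_bytes: bytes, trusted_hosts=()) -> dict:
    """Parse a .mobileconfig plist and collect findings about its MDM payloads.

    trusted_hosts: optional allow-list of MDM server hostnames the user (or
    their employer) actually expects; any other host is flagged.
    """
    profile = plistlib.loads(profile_bytes)
    report = {
        "identifier": profile.get("PayloadIdentifier", ""),
        "organization": profile.get("PayloadOrganization", ""),
        "mdm_payloads": [],
        "findings": [],
    }
    if profile.get("PayloadRemovalDisallowed"):
        report["findings"].append("profile is marked non-removable by the user")

    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        rights = int(payload.get("AccessRights", 0))
        server_url = payload.get("ServerURL", "")
        server = urlparse(server_url)
        entry = {
            "server_host": server.hostname or "",
            "topic": payload.get("Topic", ""),
            "access_rights": rights,
            "granted": decode_access_rights(rights),
        }
        report["mdm_payloads"].append(entry)
        if server.scheme != "https":
            report["findings"].append(f"MDM server URL is not HTTPS: {server_url}")
        if trusted_hosts and entry["server_host"] not in trusted_hosts:
            report["findings"].append(
                f"MDM server {entry['server_host']!r} is not a known MDM host")
        for bit in HIGH_IMPACT_BITS:
            if rights & bit:
                report["findings"].append(f"operator may {ACCESS_RIGHTS[bit]}")
    return report


# Constructed sample: an enrolment profile asking for every right (8191 = all
# 13 bits set), non-removable, pointing at a hostname chosen for this example.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.invalid.cert-update</string>
  <key>PayloadOrganization</key><string>Certificate Update Service</string>
  <key>PayloadRemovalDisallowed</key><true/>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mdm</string>
    <key>ServerURL</key><string>https://mdm-update.example.invalid/server</string>
    <key>CheckInURL</key><string>https://mdm-update.example.invalid/checkin</string>
    <key>Topic</key><string>com.apple.mgmt.External.00000000-0000-4000-8000-000000000000</string>
    <key>AccessRights</key><integer>8191</integer>
  </dict></array>
</dict></plist>"""


if __name__ == "__main__":
    result = analyse_profile(SAMPLE_PROFILE, trusted_hosts=("mdm.corp.example",))
    for entry in result["mdm_payloads"]:
        print(f"MDM server: {entry['server_host']}  rights={entry['access_rights']}")
        for cap in entry["granted"]:
            print(f"  can {cap}")
    for finding in result["findings"]:
        print(f"WARNING: {finding}")
```

A profile a user has already accepted can be reviewed on the phone itself under Settings > General > Device Management (in newer iOS versions, VPN & Device Management); on a computer, the same plist can be read from the `.mobileconfig` file that was sent to the victim, which is typically where a forensic examiner starts.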

Coordinated efforts by all stakeholders are under way to counter the threat, officers said.

Meanwhile, it is important for iPhone users not to click on unverified links, not to accept configuration or device management profiles they did not ask for, and to refrain from sharing sensitive data through messages. Any profile already installed on a phone is listed under Settings > General > Device Management (in newer iOS versions, VPN & Device Management), where one that the user does not recognise can be removed.

“Any user whose device has been ‘enrolled’ by the hacker can face a variety of crimes, including data theft, hacking of bank accounts or blackmail. The hackers themselves do not have to be interested in any of these crimes. They just have to sell them on the dark net to the highest bidder looking to commit such crimes,” the officer said.

In June, the Property Cell of the Mumbai Police Crime Branch busted a racket in which debit and credit cards of foreign nationals were being cloned by a gang of Indians.