Hacking Team

Hacking Team is a company that "sells offensive intrusion and surveillance capabilities to governments and law enforcement agencies", including iOS spyware tools. The iOS spyware tools appear designed for targeting/attacking specific people, not for broad surveillance of the public.

Remote Control System tool (requires jailbreak)

In June 2015, security researchers published details about Hacking Team's iOS tool, discovered via reverse engineering it. This research got confirmed in July 2015 by a data breach that revealed Hacking Team's internal documentation and pricing for this tool and related tools.

The leaked "Remote Control System" documentation includes on page 7 a description of the iOS tool: it requires a jailbreak, it's compatible with iOS 4-8.1, and it provides monitoring of chat (Skype, WhatsApp, and Viber), location, contacts, and list of calls. It costs about $55,000, purchased in conjunction with supporting tools and services.

Other spyware tools for iOS also exist - for example, there is a MSpy spyware tool distributed via the BigBoss repository, which consumers can buy for $10-15 dollars a month. But with MSpy and other consumer-level spyware tools (there are several for iOS), you have to physically arrange for your target's phone to be jailbroken and then somebody has to manually install the tool.

Hacking Team tools for jailbreaking devices

Hacking Team has other pieces of malware for OS X and iOS that they can combine to ease the process of jailbreaking the device and installing the spyware, probably with the help of spearphishing attacks and other kinds of social engineering attacks.

This Wired article about last year's security research explains a little more:

"The iOS spy module works only on jailbroken iPhones, but agents can simply run a jailbreaking tool and then install the spyware. The only thing protecting a user from a surreptitious jailbreak is enabling a password on the device. But if the device is connected to a computer infected with Da Vinci or Galileo software and the user unlocks the device with a password, the malware on the computer can surreptitiously jailbreak the phone to install the spy tool."

Hacking Team may also have tools that help crack passcodes on iOS devices, since security researchers have done some research on that.

Will Strafach (User:ChronicDev) said on Twitter:

• "condensed summary of avoiding HackingTeam malware: 1. always use latest iOS version 2. if you jailbreak, don't use AFC2, set strong SSH pw"
• "the funny part is, jailbreaking neuters other aspects of security that someone like HackingTeam could take advantage of. but they do not."
• "reason HT does not take advantage of smarter tricks is that they do not target jailbreakers, rather, they use jailbreaks on vuln devices"
• "this is all quite easy to find in their docs, it baffles me to see "don't jailbreak" as the solution. it is not _at all_ the solution."
• "they are very clear that their client is meant to jailbreak the device of the victim. meaning they need physical access to your iOS device."
• "some say HackingTeam could use malware to infect your computer to silently deploy the jailbreak, but there is zero proof of that in dump."

Newsstand keylogger tool (doesn't require jailbreak)

This MacWorld article reports that Hacking Team also has spyware that doesn't require a jailbreak, via misuse of developer certificates:

"Researchers have also found so far that Hacking Team has a legitimate Apple enterprise signing certificate, which is used to create software that can be installed by employees of a company who also accept or have installed a profile that allows use of apps signed by the certificate. It was shown last November that an enterprise certificate combined with a jailbroken iOS device could be used to bypass iOS protections on installing apps. Further, Hacking Team had developed a malicious Newsstand app that could capture keystrokes and install its monitoring software."