According to Lookout and other research from Security Without Borders, the spyware appears to have been under development for at least five years. In delving into the technical details, Lookout saw evidence of a fairly sophisticated operation, suggesting that it may have been initially marketed as a legitimate package for the government or law-enforcement sectors. Analysis of the Android samples led the researchers to several samples of an iOS variant, which further examination revealed to be served up on clever phishing sites.
SAS 12222: Exodus Spyware Found Targeting Apple iOS Users
It is not common to use this program to distribute malware, although there have been past cases where malware authors have done so. The apps themselves dovetailed with the phishing sites, purporting to be help apps offered by the carriers. However, the apps were still able to use documented APIs to exfiltrate contacts, photos, videos and user-recorded audio recordings, device information and location data; and, it offered a way to perform remote audio recording, though this required push notifications and user interaction.
The iOS apps leverage the same C2 infrastructure as the Android version and use similar communications protocols. The good news is that Apple has revoked the affected certificates for this particular crop of apps. Exodus is thought to be tied to an Italian company called eSurv, based in Catanzaro, in Calabria, Italy. It publicly advertises products like CCTV management systems, surveillance drones, facial- and license-plate recognition systems — and is now under investigation by Italian authorities, according to local news reports.
Moreover, eSurv was once a business unit of Connexxa.
And finally, each of the recently found phishing sites contained links to metadata such as the application name, version, icon and a URL for the IPA file. A panel of experts will join Threatpost senior editor Tara Seals to discuss how to lock down data when the traditional network perimeter is no longer in place. They will discuss how the adoption of cloud services presents new security challenges, including ideas and best practices for locking down this new architecture; whether managed or in-house security is the way to go; and ancillary dimensions, like SD-WAN and IaaS.
The FTC has banned the sale of three apps — marketed to monitor children and employees — unless the developers can prove that the apps will be used for legitimate purposes. Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. Unfortunately, this app doesn't do a whole lot else on iOS devices. And it has baffling upcharges for location tracking and web filters, both of which come standard with other parental-control apps.
iPhone Surveillance: Using Apple Devices as Your Own Personal Spy Gadgets
We liked how this service doles out additional screen time for chores or good deeds. But you can't block apps on iOS, and there's no geofencing or call or text monitoring at all. Read our full Screen Time review. ESET Parental Control for Android sticks to one platform, but it doesn't shine even there, lacking text-message- and call-monitoring features.
The free app management and time management do work well, as do the paid location tracking and geofencing. That's because Kaspersky Safe Kids does more at half the price. MMGuardian has nearly every parental-control feature you might want, especially on Android, but the user interfaces are outdated and frustrating.
Both the iOS and Android apps offer location tracking and excellent web filtering. App management is strong on Android but primitive on iOS. On Android, the parent can read every text and block any number. Time management and screen-time scheduling are also Android-only. Read our full MMGuardian review. Evaluation Criteria We focused on apps that emphasize proactively setting up filters and limits before your child uses the phone rather than merely tracking activities after the fact. We took the following criteria into account:. We tested each app on every platform it supported twice, from installation to testing to uninstall.
iPhone Surveillance: Using Apple Devices As Spy Gadgets - ITS Tactical
We typically monitored activity from the MacBook Pro, but if apps offered control from a smartphone app, we tested those features as well. Calls and texts for monitoring purposes were made from a secondary Android device. Android parental-control apps remain more robust than their iOS counterparts in most cases, especially with regard to call and text monitoring. But new additions to iOS have closed the gap somewhat. We will note areas in which there are discrepancies in the functionality offered on each platform, but we are not providing distinct ratings and reviews for the iOS versus the Android version of each app.
Parental-control apps for mobile devices work best when they're part of a comprehensive approach to teaching your kids about behaving responsibly online. For that reason, we avoided testing apps that can run in stealth mode on a child's phone. There are many products that tout this capability, but some people use such services to spy not on their children, but on their spouses or on other adults, which is illegal in most U. In addition, we did not consider apps that offered the ability to record a child's phone conversations.
Exodus – a Mass Departure of Personal Info
State laws vary on the legality of recording someone without his or her consent, and no states allow the recording of phone calls without either party's consent. Norton, Kaspersky and ESET, which has its own parental-control app for Android, also make antivirus software, and many antivirus products have parental controls built in.
To see how well those controls stack up against the stand-alone services, please read The Best and Worst Antivirus Software for Parents. Tom's Guide. Jump To:. Best overall and great for iOS Top pick for Android Great parental control bargain Best multiplatform support Gets kids involved Does one thing very well Leaves room for improvement Full-featured but frustrating. Reasons to Buy Great design.
Norton Family Premier Top pick for Android. Reasons to Buy Wide feature set. Reasons to Avoid Clunky parental app. Kaspersky Safe Kids Great parental control bargain. Reasons to Buy Very affordable. Reasons to Avoid Confusing user interface. Qustodio Best multiplatform support. Reasons to Avoid Expensive.
OurPact Gets kids involved. Reasons to Buy Excellent design, navigation.
Reasons to Avoid Limited web filters. Screen Time Does one thing very well.