Democracy and free speech activists worldwide have something new to worry about--cyberwarfare via iTunes. A reporter for a German magazine caught a British security firm boasting about how they can use Apple's megapopular software to infect target computers with malware on behalf of foreign governments. At a booth this past September at Germany's Cyber Warfare Europe conference, representatives from Gamma International UK showed how their FinFisher product service could insert spyware via iTunes at the request of intelligence, security, and police agencies worldwide.
The spyware takes advantage of an unencrypted HTTP request that is filed by iTunes when Apple Software Updater is inactive. Once installed on a user's computer, the spyware program redirected users' web browsers to a customized web page that pretended Flash was not installed on the user's computer. The "Flash" that the web page would install was in reality a sophisticated piece of spyware that sent info on a user's activities directly to foreign intelligence services.
The latest iTunes software update, 10.5.1, was released on Monday, November 14, and appears to have fixed the exploit FinFisher used. Apple's launch of 10.5.1 roughly coincided with both the Der Spiegel article, and the release of a massive cache of documents on widespread Internet surveillance by the Wall Street Journal which includes detailed information on FinFisher and similar products. Most of the documents obtained by the Journal were distributed at a Washington trade show, ISSWorld Americas, which promises “intelligence support systems for lawful interception, criminal investigations and intelligence gathering,” which was held this past October. It is not known whether the timing of the iTunes software update was intentional. (An emailed request for comment prompted an autmomatic response from Apple stating the office was closed for the holiday.)
News of the iTunes exploit was broken by Der Spiegel's Marcel Rosenbach, who wrote a German-language report on Gamma's product. Rosenbach openly compared the surveillance methods offered by FinFisher and Gamma International to those used by cybercriminals. Once FinFisher's trojan horse software took advantage of the iTunes security hole and tricked users into installing spyware, outside observers would be able to monitor Skype conversations--even if encrypted--and monitor all text/image web traffic, including both Twitter and Facebook.
That precise scenario played out during the recent Egyptian revolution that ousted President Hosni Mubarak. Human rights protesters found documents connecting Gamma to the feared Mubarak-era State Security Investigations (SSI) service. A cache of invoices and brochures posted by Cairo blogger and physician Mostafa Hussein to the Posterous microblogging service revealed that Gamma offered to sell more than $375,000 in software, hardware, installation, and training services to the SSI (which was accused of routine torture of prisoners by the United Nations). Accompanying documents, written in Arabic, showed how FinFisher and sister software FinSpy could be used to snoop on the email, Facebook, and Skype accounts of dissidents. The documents were obtained during a raid on the SSI headquarters by a large posse of regime opponents.
It is unknown whether Egyptian state security ever purchased Gamma's products; the ISS was dissolved following the Egyptian revolution. According to Der Spiegel, attendees from the governments of Malaysia, Indonesia, and the United Arab Emirates were on the trade show's participants list. Speakers at Cyber Warfare Europe included officials from the United States military, NATO, and the British Defence Ministry.