Encryption vs. Predator: How common security tools defeat commercial spyware

Sep 25, 2023


iVerify Team

Earlier this year, former Egyptian MP Ahmed Eltantawy clicked on an HTTP link. Because it wasn’t secure (HTTPS), his communications were not encrypted in transit. They were re-routed to a device on the border of his wireless carrier in Egypt and his phone was infected with Predator spyware. Predator collects a wealth of sensitive data, from text messages and call records to location information. It can even secretly activate the device's camera and microphone. Scary stuff. Yet, as sophisticated as Predator malware is, it is easily defeated by common and easily accessible security features.

Understanding the Threat

Two recent blog posts from Google's Threat Analysis Group and Citizen Lab shed light on this and other sophisticated spyware attacks targeting individuals in Egypt. These attacks typically begin with a carefully crafted phishing message or a malicious link that, when clicked, initiates the installation of spyware on the victim's device. But in this particular case the attackers abused mobile networks providers to execute an even more pernicious attack. When users visit unsecured web pages (HTTP), or Apps on their device make unsecured requests, an attacker in the network (MITM) can inject malicious traffic and thus execute code on the device’s web browser, without requiring any kind of user action.

Reducing the Attack Surface

The attacks, which exploit zero-day vulnerabilities, emphasize the importance of 'reducing the attack surface'. Turning on Apple's Lockdown Mode is one way users can protect themselves against Predator; however, Lockdown Mode also significantly reduces the functionality of the phone. A simpler alternative would be to take advantage of iVerify's ability to force HTTPS connections. By forcing HTTPS connections, and denying unsecured HTTP connections, iVerify mitigates MITM attack scenarios on unsecured traffic, without degrading the user experience. 

The Role of VPNs

Furthermore, using a VPN can provide an additional layer of protection against these attacks (when the VPN server is located outside the targeted country). A VPN encrypts the internet traffic from your device, making it significantly harder for malicious actors to intercept and exploit your data. If you are looking for a strong VPN, and don't mind doing a bit of work to get it up and running, we recommend Algo from Trail of Bits.

‍In short, iVerify’s lightweight but powerful mobile security solution, combined with employing a trusted VPN service, can significantly bolster your device's defenses against Predator.

Rocky Cole, co-founder & COO

Matthias Frielingsdorf, VP of Research