Research: Predator spyware can turn off Apple indicators showing when microphone, camera are in use

Spyware linked to the surveillance of politicians and activists around the world can block iOS camera and microphone recording indicators, overcoming a key Apple security feature, according to new research published Wednesday.

Starting with iOS 14, Apple has shown users a green dot to indicate an app is accessing their camera and an orange dot indicating the same for device microphones.

The new research from Jamf Threat Labs demonstrates how Predator spyware can stay hidden on targeted phones by “intercepting sensor activity” to hide the indicators.

Predator spyware has powerful “zero-click” capabilities and can infect phones with no engagement from the device owner. In July 2023, the U.S. Commerce Department placed its parent company Intellexa on its Entity List, a designation used to limit business activities by companies believed to pose risks to national security.

In December, Recorded Future’s Insikt Group published research showing that while use of Predator appears to have slowed, it is still active in some countries, including “likely” in Pakistan. Researchers also surfaced evidence of Intellexa operators in Mongolia, Angola, Saudi Arabia and Kazakhstan. The Record is an editorially independent unit of Recorded Future.

The capability to turn off indicators effectively blocks users from detecting spyware, keeping Predator stealthy and enabling operators to spy on people through their microphones and cameras without their knowledge.

“A single interception point defeats both the green camera dot AND orange microphone dot simultaneously,” the report says. “The actual suppression mechanism is elegantly simple.” 

Legitimate applications cannot turn off the indicators, which are shown in the status bar.

“Rather than simulating device shutdown, [Predator] selectively suppresses only the recording indicators while the device remains fully operational,” the report says. “This is more subtle — the user’s phone works normally, but they receive no visual warning that surveillance is occurring.”


Suzanne Smalley is a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.

 
