The secrets of one of the world’s most prominent surveillance companies, Gamma Group, spilled onto the Internet last week, courtesy of an anonymous leaker who appears to have gained access to sensitive corporate documents. And while they provide illuminating details about the capabilities of Gamma’s many spy tools, perhaps the most surprising revelation is about something the company struggles to do: It can’t easily hack into your typical iPhone.
Android phones, some Blackberries and phones running older Microsoft operating systems all are readily penetrated by Gamma’s spyware, called FinSpy, which can turn your smartphone into a potent surveillance device. Users of the spyware are capable of listening to calls on targeted devices, stealing contacts, activating the microphone, tracking your location and more. But FinSpy has more trouble hacking into an iPhone, except when much of its built-in security has been stripped away through a process called “jailbreaking” -- at least that's what a leaked Gamma document dated April 2014 says.
This is good news for people with iPhones, and perhaps for Apple as well. But at a time of rising concern about government surveillance powers, it’s ironic that a different mobile operating system – Google’s Android, which many security experts say is less secure – has emerged as the global standard, with a dominant share of the world market. Android phones have more features. They come in more shapes, sizes and colors. And they’re cheaper. But, it’s increasingly clear, they are more vulnerable to the Gammas of the world, and to the police and intelligence services that use their tools.
The result is what might be called a growing “Surveillance Gap.” Some civil libertarians have begun pointing out that the people on the safer side of that gap – with stronger protections against the potential for government abuse – are the relatively affluent people who already favor Apple products. Those willing to pay a premium for an iPhone or iPad, perhaps for their design elegance or ease of use, are also getting disk encryption by default, an instant messaging system that resists eavesdropping and an operating system that even powerful surveillance companies have trouble cracking.
Such features don’t tend to star in Apple’s glossy marketing campaigns because most shoppers likely think little about security when choosing their consumer electronics. Yet the consequences can be serious if a government anywhere in the world decides to target you with FinSpy, or if a police officer or border patrol agent attempts to browse through your smartphone — or worse still, copy its entire contents for later examination.
“Technology can protect you from your own government. It can protect you from somebody else’s government. If you live in an authoritarian country, the disk encryption feature built into the [operating system] may be the thing keeping you safe,” Christopher Soghoian, the principal technologist for the ACLU, said in a speech last month. “It may be the thing keeping you from being beaten by the secret police. So it’s vital that these features reach average users.”
The Gamma Group, with headquarters in Germany and the United Kingdom, did not respond to an e-mail requesting comment and has kept quiet generally in the week since a Twitter account — with the obviously bogus name “Phineas Fisher@GammaGroupPR” — first appeared online. (Many of the documents also are posted on Netzpolitik.org, a German site that promotes digital civil rights.)
The files include price lists for various surveillance products — FinSpy can cost governments nearly $4 million — as well as detailed descriptions of other spy tools and a 126-page user manual for FinSpy. Researchers and journalists combing through some of the leaked documents also have found evidence that FinSpy had been used against lawyers and activists in Bahrain. ProPublica reported it has been deployed on computers in the United States, Britain, Russia and many other countries as well.
Yet the user manual and other documents make clear that even powerful, expensive spyware such as FinSpy has its limits.
That’s why the choice of smartphones matters. The Android operating system is, by design, open-source software, which means that phone manufacturers and cellular carriers are free to add or subtract features — and in the process affect the security of individual devices. Apple, by contrast, controls the development of the hardware and operating system, and it manages what’s available in the App Store more aggressively than Google does for its Play store.
“Android is infinitely more exploitable than” Apple’s operating system, said Bart Stidham, a longtime telecommunications system architect based in Virginia. “Apple is the most vertically integrated technology company in the world. That means they have the ability to control every aspect of their devices, including the security... There are just huge swaths of Android that are outside the control of Google.”
There also are countless different Android phones circulating in the world -- different models by different manufacturers, made to work on different networks in different countries. And few of them are updated regularly with the latest version of the Android operating system, increasing the risk of all forms of attack — from both criminal and government hackers.
“It’s a much more open ecosystem, which unfortunately makes it more vulnerable,” said Bill Marczak, a research fellow for Citizen Lab at the University of Toronto’s Munk School of Global Affairs who has tracked the use of government spyware. “If you don’t know what you’re doing, an iPhone is harder to screw up on.”
There are nuances to all this. Savvy users can activate disk encryption on Android phones by changing the settings. And all Android phones are much safer when users get their apps only from Google’s Play store rather than third-party stores, which are more likely to contain malicious software.
It’s also worth noting that just because Gamma Group has more trouble getting FinSpy onto iPhones doesn’t mean they are impregnable. A FinSpy user with access to what security experts call a “zero day” — a vulnerability that researchers discover in software and sometimes sell on the open market for significant profit — could get the spyware on an iPhone. Some researchers believe it may be possible to deliver FinSpy to an iPhone in other ways as well, especially if the operating system is not kept up to date.
Different surveillance companies may have better iPhone intrusion technology than Gamma. Or an intelligence service could hack into the computer that syncs up with an iPhone and deliver malicious software through iTunes, as Gamma reportedly has done in the past. Or maybe Gamma has found a new way in since that document was published in April. And plenty of Apple lovers, especially in other countries, jailbreak their iPhones in search of enhanced capabilities — and in the process open the door to FinSpy.
Yet for all that, the “Surveillance Gap” is there. Unless Apple somehow rallies in the face of Android’s global rise — or Google makes fundamental changes to the operating system’s security — the gap will only grow.
Editor’s Note: This post was updated on Aug. 12 to make clearer that iPhones remain vulnerable to FinSpy in some circumstances and to more fully describe the possible methods of attack.