Unmasking Pegasus: Kaspersky Introduces Tool for iPhone Users to Detect Advanced Spyware

In a groundbreaking development, Kaspersky, the renowned Russian cybersecurity firm, has introduced a novel technique empowering iPhone users to detect advanced iOS spyware, including notorious threats such as Pegasus, Predator, and Reign.

The Methodology: Analyzing Shutdown.log for Anomalies

The research, conducted by Kaspersky’s Global Research and Analysis Team (GReAT), unveils a lightweight method focusing on analyzing the Shutdown.log file within an iOS device’s sysdiagnose archive. This file contains crucial data related to each device reboot, allowing researchers to identify traces indicative of infections from sophisticated iOS malware, especially upon device restart.

Key Findings and Anomalies

Researchers observed “sticky” processes hindering reboots, a behavior linked to Pegasus infections, among other traces. Insights from the broader cybersecurity community regarding the behavior of these spyware strains were leveraged for identification.
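The "sticky" process check described above can be sketched as follows. This is an added example, not Kaspersky's iShutdown code: the log line layout, the sample paths, and the `min_notices` threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample. The line layout is an assumption for this example,
# and every path and timestamp below is a placeholder.
SAMPLE_LOG = """\
After 1.00s, these clients are still here:
\tremaining client pid: 101 (/usr/libexec/example_daemon)
\tremaining client pid: 202 (/example/placeholder/stickyproc)
After 2.00s, these clients are still here:
\tremaining client pid: 202 (/example/placeholder/stickyproc)
After 3.00s, these clients are still here:
\tremaining client pid: 202 (/example/placeholder/stickyproc)
SIGTERM: [1700000000] All buildings dead
After 1.00s, these clients are still here:
\tremaining client pid: 101 (/usr/libexec/example_daemon)
SIGTERM: [1700086400] All buildings dead
"""

CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+)\)")
REBOOT_RE = re.compile(r"^SIGTERM: \[(\d+)\]")

def parse_reboots(text):
    """Group the log into reboot events, counting per process path how many
    delay notices listed it before that reboot completed."""
    reboots, current = [], Counter()
    for line in text.splitlines():
        client = CLIENT_RE.search(line)
        if client:
            current[client.group(2)] += 1
            continue
        reboot = REBOOT_RE.match(line)
        if reboot:
            reboots.append({"epoch": int(reboot.group(1)), "delays": current})
            current = Counter()
    if current:  # entries with no closing reboot marker (truncated log)
        reboots.append({"epoch": None, "delays": current})
    return reboots

def sticky_processes(reboots, min_notices=3):
    """Return (epoch, path, notices) for each process that was still alive
    after at least min_notices delay notices within one reboot."""
    return [(r["epoch"], path, count)
            for r in reboots
            for path, count in sorted(r["delays"].items())
            if count >= min_notices]

if __name__ == "__main__":
    for epoch, path, count in sticky_processes(parse_reboots(SAMPLE_LOG)):
        print(f"reboot {epoch}: {path} delayed shutdown {count} times")
```

A hit from a check like this is a lead for further forensic analysis, not proof of infection, since legitimate processes can also delay a reboot.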

Minimal Intrusiveness and Forensic Analysis

Kaspersky emphasizes the minimally intrusive nature of inspecting the Shutdown.log for potential iPhone infections. When combined with comprehensive forensic analysis tools like the Mobile Verification Toolkit (MVT), the log can provide reliable evidence of iOS malware.

Detection Tool for Users

To simplify spyware detection for users, Kaspersky has developed an open-source self-check tool available on GitHub (KasperskyLab/iShutdown). The tool, implemented through Python scripts, can extract, parse, and analyze the Shutdown.log artifact on macOS, Windows, and Linux systems.

Despite the sophistication of advanced iOS malware, Kaspersky recommends several protective measures for users to enhance their security:

  1. Daily Reboots: Regularly reboot devices to clear non-persistent infections.
  2. Lockdown Mode: Enable iOS 16’s Lockdown Mode to block known attack vectors.
  3. Disable iMessage and FaceTime: Reduce the exploit surface by disabling these services.
  4. Timely iOS Updates: Install the latest iOS updates rapidly to stay ahead of potential hackers.
  5. Caution with Links: Avoid clicking on suspicious links in messages and emails.
  6. Regular Scans: Periodically scan device backups and logs using security tools.

By incorporating these practices, Apple device owners can fortify their defenses against spyware and decrease the likelihood of successful attacks. While the Kaspersky-developed technique provides a valuable tool for detecting iOS spyware, a comprehensive approach that includes both proactive measures and vigilant analysis remains crucial in maintaining robust cybersecurity for iOS devices.
