Advice for Targets of Mobile Spyware

After publishing a blog post on spouseware, I started receiving many interesting messages about people claiming they were targets of spying attempts. Some of them had doubts about their partners spying on them, some of them worried that advanced attackers targeted them because of their publications and others were suspicious that their former employers were monitoring their activities through their device.

All these messages made me realize the tips I gave in the original post fell short in situations where a simple reboot would not suffice. Those tips focused only on the "spouseware/stalkerware" aspect, or "threat model", of these types of malware attacks. After receiving many messages describing very unique situations, I decided to broaden the tips and the "look-fors" on your devices.

Restoring your device

The most powerful and relatively easy way to "clean" your device is to restore it and set it as a new device. When you want to absolutely remove all traces of information and potential spying software from your device, this is probably your best option. When you restore your device, you're basically installing a new version of its entire operating system and removing the installed applications along with their associated data. To restore your device follow these instructions.

Pros

  • Restoring a device installs the latest version of its operating system, which has to be signed by Apple. That signature check guarantees the integrity of the software.
  • A fresh install of the operating system (iOS/iPadOS) means it doesn't have any applications installed by a user. In other words, no spyware.
  • Since it's running the latest version of iOS/iPadOS, the chances of publicly available vulnerabilities are lower than on old versions. (Note: that's not to say that the latest version of iOS/iPadOS doesn't have vulnerabilities. There's always the possibility of 0-days; you can read more about what 0-days are here.)

Cons

  • You won't have any data in your applications because you'll set up the device as a new one, without restoring from a backup.
  • You need a computer with iTunes to restore the device. This might not be an obvious con, but if, for example, you are on a business or leisure trip, you won't necessarily have your computer with you.

Using multiple devices

If you can afford to do so, use 2 or more different devices to separate your data. By "affording", I don't just mean the monetary implications; using 2 or more devices can also be inconvenient to carry with you, it's easier to misplace them, and they make you more of a target for thieves. Still, this is a great way to keep your personal data away from potential spying.

This option might be better for instances where you think you're a target because of your views and/or your publications, or if you are worried that your employer wants to track you.

Your secondary device doesn't necessarily need a mobile line. You can tether your secondary device to your primary one and use its data plan, and use WiFi when available. When you use your primary device's data plan, use a VPN on your secondary device. This will help you isolate its data traffic from your primary device. There are many VPN apps for iOS, both paid and free.

Pros

  • Your personal data is on a completely different device than the one you use for your "riskier" communications.
  • If you don't have a mobile line on the secondary device, attack surfaces like SMS don't apply to you.
  • You can use only your primary device for your more sensitive interactions.
  • If you need to, you can decide to back up the messages and data you need and periodically restore that device once a week, or on whatever interval you want. (Note: don't back up the entire system, just the conversations and data you need, then restore the device and set it up as a new device every time.)

Cons

  • It's expensive to have 2 or more devices.
  • As I said before, it can be inconvenient to carry multiple devices.
  • It's easy to forget that you're not supposed to share data between devices without a good reason.
  • If you have a mobile line for your secondary device, don't share it with anyone other than people you know. (Note: depending on who you are trying to protect against, these individuals might have the means to acquire this information anyway.)

Check your device for MDM settings

MDM stands for Mobile Device Management. iOS MDMs can be used by businesses to manage the devices they provide to employees. Some companies allow users to bring their own devices (aka BYOD), and to let those devices store and create company-owned data, they need to set a few restrictions. With an MDM, administrators can set the minimum length of a device's password, preset the company's WiFi credentials, preset your email client, and apply many other useful pre-configured settings. But they can also preconfigure a VPN or install root certificates that would allow them to sniff TLS-encrypted traffic.

Either knowingly or unknowingly you (or someone else) might have installed these settings on your device. To check if your device is under MDM (aka supervised) follow these instructions. If you find that your device is supervised, follow the instructions to restore it and set it as a new device.

Understand what iCloud backups mean for your data

Some people said that they had reasons to believe the attackers had access to their iCloud account. Similar to one of the cases I discussed on the spouseware post, the iCloud backups are powerful containers of your private data. Apple does a great job of protecting your data backed up on iCloud (you can read more about it here). But if the attacker manages to get your username and password and you don't have 2FA enabled, they can have access to your data.

One person asked me how, if they decided to disable iCloud backups, they could still store useful information from a device that could be compromised at any point. This person has a setup where they use multiple devices (like I discussed above). But even if you only have one device and want to disable iCloud backups and manually back up your data, here's how you can do it:

  • Create a backup with iTunes (scroll to find the instructions on how to create a local backup with iTunes).
  • Use software like Elcomsoft Phone Breaker to extract information from your backup.
  • Get the data you want to keep, for example your messages and images, and store it securely on an external hard drive.
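As an added illustration of the extraction step (this is not code from the original post, and it is not how Elcomsoft Phone Breaker works), the script below reads the Manifest.db index of an unencrypted local iTunes/Finder backup and copies out just the messages database and camera roll. It assumes the standard iOS backup layout (HomeDomain/Library/SMS/sms.db, CameraRollDomain/Media/DCIM, blobs stored under the first two hex characters of their fileID) and builds a small constructed backup to run against; encrypted backups keep Manifest.db encrypted and need the backup password first.

```python
import hashlib, os, shutil, sqlite3, tempfile

REGULAR_FILE = 1  # Manifest.db flags: 1 = regular file, 2 = directory, 4 = symlink
# (domain, relativePath prefix) of the data the post suggests keeping.
WANTED = [("HomeDomain", "Library/SMS/sms.db"),   # iMessage/SMS database
          ("CameraRollDomain", "Media/DCIM/")]    # photos and videos

def export_from_backup(backup_dir, out_dir, wanted=WANTED):
    """Copy the wanted files out of an unencrypted backup; return their paths."""
    db = sqlite3.connect(os.path.join(backup_dir, "Manifest.db"))
    exported = []
    for domain, prefix in wanted:
        rows = db.execute("SELECT fileID, relativePath, flags FROM Files WHERE "
                          "domain = ? AND relativePath LIKE ?", (domain, prefix + "%"))
        for file_id, rel_path, flags in rows.fetchall():
            # Blobs live under a folder named by the first two hex chars of the fileID.
            src = os.path.join(backup_dir, file_id[:2], file_id)
            if flags != REGULAR_FILE or not os.path.isfile(src):
                continue  # skip directories, symlinks and index entries with no blob
            dst = os.path.join(out_dir, domain, *rel_path.split("/"))
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            exported.append(f"{domain}/{rel_path}")
    db.close()
    return sorted(exported)

def build_sample_backup(root):
    """Constructed fixture mimicking a real backup: fileID = SHA-1 of 'domain-relativePath'."""
    db = sqlite3.connect(os.path.join(root, "Manifest.db"))
    db.execute("CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
               "relativePath TEXT, flags INTEGER, file BLOB)")
    entries = [("HomeDomain", "Library/SMS/sms.db", REGULAR_FILE, b"fake sms.db"),
               ("CameraRollDomain", "Media/DCIM/100APPLE", 2, b""),
               ("CameraRollDomain", "Media/DCIM/100APPLE/IMG_0001.JPG", REGULAR_FILE, b"\xff\xd8"),
               ("HomeDomain", "Library/Safari/History.db", REGULAR_FILE, b"not wanted")]
    for domain, rel, flags, content in entries:
        fid = hashlib.sha1(f"{domain}-{rel}".encode()).hexdigest()
        db.execute("INSERT INTO Files VALUES (?, ?, ?, ?, NULL)", (fid, domain, rel, flags))
        if flags == REGULAR_FILE:
            os.makedirs(os.path.join(root, fid[:2]), exist_ok=True)
            with open(os.path.join(root, fid[:2], fid), "wb") as f:
                f.write(content)
    db.commit()
    db.close()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        return export_from_backup(tmp, os.path.join(tmp, "export"))
```

Point export_from_backup at a real backup folder (on macOS, under ~/Library/Application Support/MobileSync/Backup/<UDID>) to copy the same two data sets to an output directory of your choice.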

The tips from the previous post still apply

  • Always stay up to date with software updates for both iOS applications and iOS itself.
  • Enable 2FA on your iCloud account. If you suspect something, change your iCloud password as well.
  • If, for whatever reason, you need to share your iCloud password with another person, make sure to change it after they don't need access.
  • If a loved one gives you a device as a gift for no reason, make sure it's on the latest iOS version. Perform a full restore just to be safe.
  • If your company gives you a device for work that is supervised, use it just for work, don't mix your personal data with work data.

This is not an exhaustive list; these are the steps I can think of to protect your devices. I'll keep updating this post with new tips if I learn about new techniques to protect users.

As always, if you spot something that is incorrect, let me know.
