More than 36 hours after the huge cache of data from Hacking Team’s corporate network was dumped online, researchers are continuing to find surprising bits and pieces in the documents. Among them is evidence that the company had an enterprise developer certificate from Apple, allowing it to develop internal apps, but could not get its malware onto iOS devices.
On Monday afternoon, German security researcher Ralph-Philipp Weinmann posted on Twitter the details of the enterprise developer certificate issued to Hacking Team. That certificate would give Hacking Team the ability to sign iOS and OS X apps and distribute them internally to their employees. The certificate would not have given the company the ability to get signed apps into the App Store, but it shows that Hacking Team had the ability to gain some legitimacy with software companies.
Apple’s enterprise developer program is designed to allow individual enterprises, educational institutions, and other organizations to develop and sign iOS and OS X apps to be distributed to internal users. It’s a separate program from the normal app developer program, which gives participants the ability to get signed apps into the Apple App Store.
One of the main protections that Apple offers iOS users is the way that it vets and monitors the developers who write apps for the App Store. Those developers are required to have a code-signing certificate and Apple monitors the security and integrity of their apps. Apple has in the past revoked certificates and ejected developers from the program for various reasons. And on Tuesday Weinmann said that after checking the OCSP (Online Certificate Status Protocol) status of the Hacking Team developer certificate, he found that Apple had revoked it early that morning.
“Just did an OCSP check: Apple has revoked HT’s enterprise certificate. (Reason: keyCompromise, Revocation Time: Jul 7 03:38:10 2015 GMT),” Weinmann said.
Security researchers have long suggested that iOS is the most secure mobile platform available, both for the way that Apple handles its developer program and the defenses it has implemented in the operating system itself. Malware has never surfaced as a problem on iOS and the main security threat to users has been from malicious apps, especially on jailbroken phones. This fact was highlighted in one of the documents released as part of the Hacking Team dump. The document shows that the company does sell a license for its intrusion software for iOS, but the target devices must be jailbroken.
Jailbroken devices don’t benefit from the exploit mitigations and many other security protections in iOS and users can install apps from any source, not just the App Store. That makes the job of attackers, including those using intrusion software from hacking Team or other vendors, much easier.