SecureMac, Inc.

What is iOS Hermit spyware?

June 24, 2022

iOS Hermit spyware is a commercial-grade surveillance tool derived from a known Android surveillance tool. Learn more + how to stay safe.

What is iOS Hermit spyware?

Security researchers have found the mobile spyware Hermit being used in a government surveillance campaign in Central Asia. In their analysis, the researchers looked at spyware samples aimed at Android devices. However, they say an iOS version of Hermit exists as well.

What is Hermit spyware?

Researchers at Lookout say that they’ve found Hermit spyware deployed in a government surveillance campaign in Kazakhstan. Hermit is “enterprise-grade Android surveillanceware”. Based on samples from April 2022, the researchers say the spyware is most likely the work of “Italian spyware vendor RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company”.

In other words, Hermit spyware is the same kind of commercial-grade surveillance product as Pegasus and FinSpy. Spyware manufacturers sell these tools to governments and law enforcement agencies, ostensibly to help fight crime and terrorism. But they are deeply problematic, because authoritarian governments use them to stifle political opposition, spy on human rights activists, and repress ethnic minorities. 

What can Hermit spyware do?

On an Android device, Hermit is capable of a wide range of surveillance activities, including:

  • Recording audio
  • Rerouting phone calls
  • Obtaining SMS messages, call logs, and contact information
  • Accessing photos
  • Accessing device location data

The researchers at Lookout were unable to obtain a sample of the iOS version of the spyware for analysis. Thus, it’s difficult to say exactly what Hermit could do on an iPhone. But if other iOS spyware variants are any indication, the range of surveillance capabilities is most likely comparable to what Hermit can do on Android.

How would Hermit spyware infect an iPhone?

iPhones are difficult to compromise, so it’s not clear how iOS Hermit spyware would actually infect a user’s device. However, there are several possible routes to infection.

The least likely (although most dangerous) would be an iOS 0-click exploit. In this case, malicious actors could infect a vulnerable device without any interaction on the part of the user.

A more likely scenario would involve some form of social engineering on the part of the bad guys. If a user can be convinced to install a Trojanized iOS TestFlight app or malicious mobile device management (MDM) profile onto their device, then an iPhone can effectively be “hacked” — albeit with some help from its owner!

How to stay safe from iOS Hermit spyware

In light of the most likely infection vectors on iOS, we’d recommend the following precautions for iPhone users concerned about Hermit spyware:

  • Never install apps from outside of the App Store. This includes sideloaded apps and TestFlight apps.
  • Don’t allow configuration profiles on your personal device. Go to Settings > General > Profiles & Device Management to check for them. If there’s nothing there, you don’t have MDM on your iPhone!
  • Review best practices for spotting and avoiding phishing attacks.
  • Always keep your iPhone’s OS and apps up to date. Turn on automatic updates so you don’t have to remember to update manually.

Get the latest security news and deals