New spyware found capable of taking over iPhones

The iPhone receives a fair amount of praise for its security features. The Massachusetts Institute of Technology says that the handset’s encryption is so good that it’s tough for law enforcement agencies to perform forensics.

But this doesn’t mean it’s impenetrable, as hackers continue to find flaws. In fact, another big one was recently discovered in the form of spyware, which can take over the iPhone and give a user remote access to its contents…

Bloomberg has the scoop:

“FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc. (AAPL)’s iPhone and Research in Motion Ltd. (RIM)’s BlackBerry, an analysis of presumed samples of the software shows.

The program can secretly turn on a device’s microphone, track its location and monitor e-mails, text messages and voice calls, according to the findings, being published today by the University of Toronto Munk School of Global Affairs’ Citizen Lab.

‘People are walking around with tools for surveillance in their pockets,’ says John Scott-Railton, a doctoral student at the University of California Los Angeles’ Luskin School of Public Affairs who assisted with the research.”

To be clear, the Gamma Group has been making this kind of spyware for desktop computers for a while now. It’s just that no one was really aware that the powerful tool had gone mobile. And from the sounds of it, the handset doesn’t need to be jailbroken or rooted for the software to work, which means that pretty much anyone can be targeted.

An iPhone can become infected with the FinSpy trojan when its user is tricked into going to a Web link and downloading the malware, which can be disguised as something other than FinSpy. Gamma says that this process can be as simple as sending someone a link that looks like it’s from the phone-maker, with a message like “please install update.”

Keep in mind that this dynamic software is only sold to, and used by, government agencies for law enforcement purposes. But it’s still kind of creepy that it exists. And we might have never known about it if it hadn’t been for the research from the aforementioned universities. It was meant to be a secret, which actually makes it all the more creepy.

Microsoft says its anti-malware software in the latest version of Windows Phone blocks the FinSpy trojan, but it sounds like older Windows Mobile handsets are still susceptible. It encourages users to avoid clicking links or downloading software from unknown sources. RIM offers a similar warning to its users, who are also vulnerable to the spyware.

Both Apple and Google declined to comment.