Hamid Kashfi (@hkashfi), Apr 2, thread of 7 tweets
A while back, following Apple's notification about mercenary actors (Paragon) targeting iOS, I got a hunch. After just two rounds of multicast to Farsi-speaking folks, it turns out there have been over a dozen cases (who reached back) that received Apple or WhatsApp warnings! 🧵

This is probably the first time, that I'm aware of, we've had such cases in Iran. Contrary to the typical cases often reported, the targets do not fit the usual political/journalism profiles. Mostly IT/tech staff. My guess is more of a targeted pre-positioning op and less espionage. Sadly, most people get spooked when they learn about the seriousness of their case and refuse help with forensics.

One wonders why Apple/FB would notify Iranian users, or where they draw the line about interference with legitimate gov ops? In Iran, due to sanctions, Apple users use a VPN for the App Store or most of their daily usage, or use virtual numbers to activate their iCloud. That might have caused some confusion at Apple. This makes me question the accuracy of Apple's internal profiling too. It's relatively easy for them to figure out the real location of users. So…? 🤷🏻‍♂️

Here's where this can get ugly and the lack of transparency (rightfully so) from Citizen Lab or Apple backfires: some of the victims are trained to reach out to MoIS (or their in-org representatives) in such cases. Many also use older iPhone models. The combo means there's more chance of a successful dump of a live implant, or traces from devices, falling into the hands of the last gov and agency on earth you want to have advanced iOS implant/exploit capabilities.

This is just my theory at this point, but if a solo nobody like me can dig this far, you bet they have many more possibilities to travel back in time/logs/dumps & acquire handsets. Bottom line is, full-chain iOS/Android usage against devices in Iran, by non-gov actors, is not as rare as previously assumed. It's just another unexplored rabbit hole nobody looked at.
More from @hkashfi

Mar 6
If you end up in a situation where you suspect your iPhone might be compromised, here are a few initial steps you can take to collect data/logs and do a preliminary, basic review: 🧵

⚠️ DO NOT REBOOT/SHUTDOWN! ⚠️

If you can't afford to wait, remove the SIM & disable Wi-Fi.

Then... 🧵

1. Take a sysdiagnose snapshot and download the generated log files from the device:

it-training.apple.com/tutorials/supp…

You can later analyze it using the Sysdiagnose Analysis Framework:
github.com/EC-DIGIT-CSIRC…

2. Create an encrypted full backup of the device using iTunes.

it-training.apple.com/tutorials/supp…

You can later analyze it using the Mobile Verification Toolkit (MVT):

github.com/mvt-project/mvt
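An added example for step 2 (not from the thread and not code from the MVT project): a small Python pre-flight that checks the backup folder before handing it to MVT. It assumes the standard iTunes/Finder backup layout (Manifest.plist with an IsEncrypted key, Manifest.db, Info.plist, Status.plist), the mvt-ios subcommands download-iocs, decrypt-backup and check-backup, and that MVT reads the backup password from the MVT_IOS_BACKUP_PASSWORD environment variable (verify against your installed version). The fixture backup used for the offline demo is constructed, not a real device backup.

```python
"""Pre-flight an iOS backup and hand it to mvt-ios. Added example; assumptions noted inline."""
import os
import plistlib
import shutil
import subprocess
import tempfile

# Top-level files every iTunes/Finder backup has (assumed standard layout).
REQUIRED = ("Manifest.plist", "Manifest.db", "Info.plist", "Status.plist")


def backup_layout_problems(backup_dir):
    """Names of required top-level files that are missing; [] means the layout looks sane."""
    return [f for f in REQUIRED if not os.path.isfile(os.path.join(backup_dir, f))]


def backup_is_encrypted(backup_dir):
    """True if Manifest.plist carries IsEncrypted=true (False if the key is absent)."""
    with open(os.path.join(backup_dir, "Manifest.plist"), "rb") as fh:
        return bool(plistlib.load(fh).get("IsEncrypted", False))


def mvt_plan(backup_dir, work_dir, encrypted, iocs_path=None):
    """argv for each mvt-ios step. An encrypted backup is decrypted into work_dir/decrypted
    first; an unencrypted one is scanned in place (MVT can read it, but fewer modules
    apply, so a clean result is weaker evidence)."""
    target = backup_dir
    plan = [["mvt-ios", "download-iocs"]]
    if encrypted:
        target = os.path.join(work_dir, "decrypted")
        # Password is taken from MVT_IOS_BACKUP_PASSWORD (assumed supported by the
        # installed MVT) so it never lands in argv, shell history or `ps` output.
        plan.append(["mvt-ios", "decrypt-backup", "-d", target, backup_dir])
    check = ["mvt-ios", "check-backup", "-o", os.path.join(work_dir, "mvt-results")]
    if iocs_path:
        check += ["-i", iocs_path]
    plan.append(check + [target])
    return plan


def run_triage(backup_dir, work_dir, iocs_path=None, execute=True):
    """Validate the backup, build the plan and (when execute=True) run it. Returns the plan."""
    missing = backup_layout_problems(backup_dir)
    if missing:
        raise RuntimeError(f"{backup_dir} is not a complete iOS backup, missing: {missing}")
    encrypted = backup_is_encrypted(backup_dir)
    if not encrypted:
        print("WARNING: backup is not encrypted; coverage is reduced, re-take it encrypted if you can")
    plan = mvt_plan(backup_dir, work_dir, encrypted, iocs_path)
    if execute:
        if shutil.which("mvt-ios") is None:
            raise RuntimeError("mvt-ios not found on PATH (pip install mvt)")
        if encrypted and "MVT_IOS_BACKUP_PASSWORD" not in os.environ:
            raise RuntimeError("set MVT_IOS_BACKUP_PASSWORD before running decrypt-backup")
        os.makedirs(work_dir, exist_ok=True)
        for argv in plan:
            subprocess.run(argv, check=True)
    return plan


def build_fixture_backup(root, encrypted=True):
    """Constructed sample backup for offline testing: empty files plus a minimal Manifest.plist."""
    os.makedirs(root, exist_ok=True)
    for name in REQUIRED:
        open(os.path.join(root, name), "wb").close()
    with open(os.path.join(root, "Manifest.plist"), "wb") as fh:
        plistlib.dump({"IsEncrypted": encrypted, "Version": "10.0"}, fh)
    return root


def demo_plan(encrypted=True):
    """Plan computed against a constructed fixture, without invoking mvt-ios."""
    tmp = tempfile.mkdtemp(prefix="mvt-demo-")
    try:
        backup = build_fixture_backup(os.path.join(tmp, "backup"), encrypted)
        return run_triage(backup, os.path.join(tmp, "work"), execute=False)
    finally:
        shutil.rmtree(tmp)


def demo_missing(name):
    """Layout problems reported when one required file is removed from the fixture."""
    tmp = tempfile.mkdtemp(prefix="mvt-demo-")
    try:
        backup = build_fixture_backup(os.path.join(tmp, "backup"))
        os.remove(os.path.join(backup, name))
        return backup_layout_problems(backup)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    import sys
    run_triage(sys.argv[1], sys.argv[2])  # usage: triage.py <backup_dir> <work_dir>
```

Run it as `MVT_IOS_BACKUP_PASSWORD='…' python triage.py ~/Library/Application\ Support/MobileSync/Backup/<UDID> ./case01`; work on a copy of the backup folder and keep the original read-only so the evidence you later hand to an analyst is untouched.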
Dec 12, 2023
#Farz has arrived too! Congratulations!
Before access to it is made available for technical evaluation I won't roast it too much, since the fate of these home-grown scenarios and the quality of their output is entirely predictable.

But let's just look at this one slide. They claim it has been put into operation on Cafe Bazaar? Great. But -- [Image]
Assuming the claim of detecting 60% of mobile malware is even close to reality, I hope Cafe Bazaar itself or the police publish, if only for a laugh, the results of scanning the entire contents of Cafe Bazaar :)

Another question: if Farz has recently been active on all these platforms and is working, then what are these, cherries?
Contrary to the general line of thinking, in my view this project, if it has really been done properly, or is at least meant to be, is a very good thing. But there is one very big, important and complicated technical "if" here, for which in Iran we have neither strong, solid experience nor a track record of continuity and a technical support team for long-term R&D.
Jan 14, 2021
Someone, somewhere in Russia has discovered a hardware implant in their iPhone (11?). It's pretty simple yet interesting. Dedicated SIM + mic + GPS. The stock battery was replaced with a smaller one to free up space for the implant.

IT EVEN BLINKS IN RED!!!

If you're not familiar with those little bugs, they're neither new nor unusual. You can find them dirt cheap on eBay or Alibaba, for as little as $15, and small enough to fit in a USB plug! But I can't recall any public case where one has been squeezed into an iPhone.
This seems to be what's being implanted there.
aliexpress.com/item/400002406…

To be honest, that level of work quality and precision is not something I'd expect from a state actor. It looks more like a cheap hack by a lower-level group/organization.