Am I Secure? app launched
May 1, 2024
Startup helps iPhone users fight back against Pegasus and other spyware
Hostile governments routinely use spyware to target victims' mobile devices. In April 2024 alone, Apple alerted iPhone users in 92 countries to active spyware attacks against them. Individuals and organizations have few options to protect themselves or to detect that they are under attack.
Numbers Station Inc., a North American cyber security startup, has released their second public product to combat mobile spyware. Am I Secure? is the only iOS app that uses a new technique that can detect active spyware infections from the latest versions of multiple spyware families, including the infamous Pegasus spyware developed by the Israeli firm NSO Group.
Since 2021, Numbers Station has been manually performing forensic analysis on the mobile devices of individuals that are at high risk of attack from spyware. Since manual forensic analysis is time intensive and not scalable, the analysis team looked for alternative solutions they could direct clients to but found none that were sufficient. Existing iOS apps use outdated and completely ineffective techniques that cannot detect modern spyware. With no existing products to recommend to those they were assisting, they developed their own.
Key Differentiator
All iOS apps operate within an "app sandbox", a restricted space within iOS that limits an app to accessing only its own data and specific data a user has provided permission to, such as contacts or location data. This is to ensure security and privacy. Due to these restrictions, no iOS apps, including security focussed ones, are able to directly access the operating system and other data necessary to perform an analysis of the operating system for spyware or malware. While some apps market themselves as antivirus solutions, unlike real antivirus solutions that run on Windows or macOS, they are not actually able to perform any traditional antivirus functions on iOS and these apps add little, if any, security value.
Am I Secure? bypasses the limitations of the app sandbox by having users of the app share iOS system diagnostic data with the app so access can be obtained. Without access to this data, no app can perform a proper analysis for spyware. Via the app, this data is then uploaded to Numbers Station's servers where it is analyzed and the results are reported back to the user within the app and, if spyware is found, to the email address tied to their account. No private user data such as messages or photos are contained within the system diagnostic data so user privacy is preserved.
Beyond detecting previously discovered and publicly known Indicators of Compromise (IoCs), Numbers Station's automated AI/ML augmented analysis goes deeper. It looks for any anomalies in the submitted data versus what is expected from a "known good" iOS device as well as comparing against other submissions from across the user base. Any anomalies are then manually analyzed by Numbers Station's mobile cyber threat hunting team to detect new previously unknown IoCs. Looking for publicly known IoCs only finds yesterday's spyware, spyware vendors rapidly change their spyware after public disclosure occurs to ensure prior IoCs are ineffective. Numbers Station's analysis techniques though will continue to find spyware as the anomalies they leave change but continue to stand out.
"For the first time, an effective detection solution is available for iOS users. Before you either had to accept you had no idea if your phone was compromised or hire a forensic expert to analyze it for you. With Am I Secure? we will increase how often these threat actors are caught targeting our society and this will enable further discovery of the vulnerabilities they use to gain access to devices so they can be fixed, cutting off the vulnerabilities they rely on to continue their operations." -- John S., CTO Numbers Station Inc.
Availability
Am I Secure? is available now on the App Store as a free download with an optional in-app subscription to enable spyware scanning. Without an in-app subscription, the app performs free security checks including detecting Man-in-the-Middle network attacks (MitM), the presence of keyboard loggers and advises the user on steps they can take to harden their device to stop an attack from being successful in the first place.
An enterprise version of the app will soon be available that will provide spyware scanning functionality to organizations while also performing the mobile device security policy audit, compliance and reporting functionality they require. This combined functionality not only greatly exceeds the security capabilities of existing mobile device management (MDM) offerings but can also come at a lower cost.
About Numbers Station Inc.
Numbers Station was founded in 2021 to initially address the problem of how spyware is most often installed on victims' devices, i.e. exploit chains delivered to mobile devices via end-to-end (E2E) encrypted messaging apps using malicious messages that a victim never sees. Numbers Station's first product, Numbers Station Messenger, was the first and still the only messaging app to allow for quarantining malicious messages and new message notifications without processing them at all. This ensures that the first stage of any “0-click, 0-day” exploit contained within would not be detonated and would be preserved for analysis while the user's device remains secure. The impetus for this capability was a member of the team being exploited by a nation-state level threat actor, likely due to their employment at the time, exploiting their device via a popular messaging app.
Numbers Station is currently working with an Africa based non-profit to deliver awareness and cyber security training to journalists in the Global South that are at risk of nation-state spyware targeting their mobile devices. Numbers Station also offers a limited number of free subscriptions for the app to assist civil society members that are at high risk of being targeted by spyware.
Numbers Station Inc.
support@numbersstation.app