iOS/iPadOS Standalone Analyzer
Protecting Governments from Nation-State Developed Implants & Commercial Spyware
Our solutions currently protect the personal and state-owned mobile devices of heads of state, prime ministers and cabinet officials from the most advanced cyber threats. The compromise of such a device could be catastrophic for your government and result in national security threats and weakened positions in international and trade negotiations. Attacks can also cause havoc via election interference and other attacks on democratic institutions. The risk is too high to ignore.
Why Network Monitoring Fails
Vendors of network monitoring solutions focus almost entirely on threats to Windows and Linux, not iOS/iPadOS devices. Due to extensive use of TLS certificate pinning by mobile apps, there is zero visibility of the threats. The initial exploitation vectors are also often delivered via apps that utilize end-to-end encryption, such as messaging apps. This is yet another layer of encryption, making network monitoring insufficient to detect threats or compromises.
Why Competing Apps & MDM/MTD Solutions Fail
Competing iOS security apps and Mobile Device Management (MDM) and Mobile Threat Defense (MTD) solutions cannot detect advanced implants/spyware used by nation states; if they could, you wouldn't see the attacks in the news. Due to iOS "sandboxing" of apps, including MDM and MTD solutions, these apps cannot even access the data required to perform security analysis. They simply ensure compliance with security policies, such as whether a passcode is enabled, whether the device is jailbroken and whether the user is running the latest version of iOS. A device that passes all of those checks is still vulnerable to nation-state threat actors.
The Android operating system can grant apps additional access, authorized by the user, that does allow for more security screening. Vendors often tout the features of their Android solution without mentioning the severe limitations of their iOS solution.
Competing Windows or macOS based solutions, where the iOS device is tethered to a laptop, only look for already-public Indicators of Compromise (IoCs). Public IoCs might be useful for detecting historical attacks from a small number of threat actors but provide zero protection from the wide range of threat actors conducting sophisticated attacks today. IoCs can also be modified to be specific to each victim, making public ones useless even for detecting historical incidents.
Our Solution
You want a solution that can detect the latest implants/spyware from the most advanced threat actors targeting your user base while ensuring no device data or knowledge of detected compromises leaves your government.
Numbers Station's iOS/iPadOS Standalone Analyzer was developed to address these requirements and is already used by multiple NATO governments to protect the devices of senior leadership as well as regular agency/department staff. Our government clients have already discovered active operations against their devices running the latest versions of iOS.
The tool can run on a fully "air-gapped" network as well as a laptop with no external network access. Results can be tailored with varying levels of sensitivity or alerting for different users ranging from non-experts to cyber security forensic experts.
Our tools do not rely on a list of known IoCs to check against; instead, they analyze system diagnostic data to find anomalies. These anomalies are then analyzed, scored by level of severity and reported to the user. We do not require a list of already-known IoCs since they would stand out as anomalous anyway.
Use Cases
Deployed on a laptop with the close protection detail of senior officials to perform routine checks of devices. "Basic" mode allows for non-expert use, giving a clear "spyware detected" or "clean" response. Scans are fast and it takes less than a minute of a senior official's time to initiate a sysdiagnose and later share it with the laptop via AirDrop or a cable. Senior officials can see the results themselves, providing added assurance.
Staff at a government agency upload sysdiagnose files to an internal file share, where a once-a-day batch analysis is performed and the results are sent to in-house cyber security specialists for review.
Alternatively, it can be paired with a custom version of our "for Work" app where the government client has the source code for the app and creates and controls the private key for end-to-end encryption of sysdiagnose data sent back for analysis, ensuring only the government client has access to the sysdiagnose files and performs all analysis in-house. The user experience is similar to our existing apps but with branding specific to the government client and distributed privately, not via the App Store.
Subscription to the Service Includes
Copy of the Standalone Analyzer tool (for macOS), including updates, new detections and support for new iOS or iPadOS versions.
If requested, assistance interpreting any results or findings of the tool, or additional forensic assistance.
Threat feed including private Indicators of Compromise (IoCs) for recently detected nation-state implants/spyware.
For further information, please contact gov@numbersstation.app from an email address tied to a government domain.