iOS/iPadOS Standalone Analyzer
Protecting Multiple Governments from Nation-State Developed Implants & Commercial Spyware
Competing iOS security apps and existing Mobile Device Management (MDM) and Mobile Threat Defense (MTD) solutions cannot detect advanced implants/spyware used by nation states; if they could, you wouldn't see the attacks in the news. Because iOS "sandboxes" apps, including MDM and MTD solutions, they cannot even access the data required to perform security analysis.
Existing Windows- or macOS-based solutions, where the iOS device is tethered to a laptop, only look for already public Indicators of Compromise (IoCs) and are a headache to use. Public IoCs might be useful for detecting historical attacks from a small number of threat actors but provide zero protection from the wide range of threat actors conducting sophisticated attacks today. IoCs can also be modified to be specific to each victim, making public ones useless even for detecting historical incidents.
You want a solution that can detect the latest implants/spyware from the most advanced threat actors targeting your user base while ensuring no device data or knowledge of detected compromises leaves your government.
Numbers Station's iOS/iPadOS Standalone Analyzer was developed to address these requirements and is already used by multiple governments to protect the devices of senior leadership as well as regular agency/department staff. Our government clients have already discovered active operations against their devices running the latest versions of iOS.
The tool can run on a fully "air-gapped" network as well as on a laptop with no external network access. Results can be tailored with varying levels of sensitivity or alerting for different users, ranging from non-experts to cyber security forensic experts.
Use Cases
Deployed on a laptop with the close protection detail of senior officials to perform routine checks of devices. "Basic" mode allows for non-expert use, giving a clear "spyware detected" or "clean" response. Scans are fast, and it takes less than a minute of a senior official's time to initiate a sysdiagnose and later share it with the laptop via AirDrop or a cable. Senior officials can see the results themselves, providing added assurance.
Staff at a government agency upload sysdiagnose files to an internal file share, where a once-a-day batch analysis is performed and results are sent to in-house cyber security specialists for review.
Alternatively, it can be paired with a custom version of our "for Work" app where the government client has the source code for the app and creates and controls the private key for end-to-end encryption of sysdiagnose data sent back for analysis, ensuring only the government client has access to the sysdiagnose files and performs all analysis in-house. The user experience is similar to our existing apps but with branding specific to the government client and distributed privately, not via the App Store.
Subscription to the Service Includes
Copy of the Standalone Analyzer tool (for macOS), including updates, new detections and support for new iOS or iPadOS versions.
If requested, assistance interpreting any results or findings of the tool or additional forensic assistance.
Threat feed including private Indicators of Compromise (IoCs) for recently detected nation-state implants/spyware.
For further information, please contact gov@numbersstation.app from an email address tied to a government domain.