Israeli company Intellexa, according to business documents, offers several exploits for Android and Apple devices for millions of dollars.
The Israeli firm NSO Group’s infamous Pegasus spyware has lately put the spotlight on exploit brokers and mercenary spyware vendors. Newer rivals to NSO include Intellexa, established by Israeli entrepreneur Tal Dilian.
On its website, the company states that its products help government agencies defend communities through increased capacity for law enforcement and intelligence gathering. According to the company, it has six locations and research and development centers across Europe, making it a regulated European Union (EU) company.
On Wednesday, Vx-underground, a website that hosts malware code and other cybersecurity materials, tweeted screenshots of what appear to be documents from a business proposal from Intellexa talking about Apple iOS exploits and spyware up for sale.
The files, marked as private and proprietary, detail services for remote data extraction from Android and iOS devices. The service is tailored for remote browser-based vulnerabilities that can inject a payload into Android or iOS mobile devices with a single click. The description suggests that the victim has to click on a link in order for the attack to be activated.
The deal included a “magazine of 100 successful infections” and ten simultaneous infections for iOS and Android devices. A list of Android devices that an attack would effectively work against is also included in the leaked documents.
The exploits are said to work against iOS 15.4.1 and the most recent version of Android 12, as detailed in the documentation.
Since iOS 15.4.1 was launched by Apple in March, it is safe to assume that the spyware offer is rather recent. Since then, there have been three security patches for the mobile OS. It’s conceivable that Apple has fixed the zero-day flaws exploited by the Intellexa iOS tool, but it’s also feasible that exploits provided by firms like Intellexa will stay unpatched for quite some time.
Although $8 million has been referred to as the cost of an iOS exploit, the buyer would receive far more value than that. The deal is for a whole platform that can examine the data stolen via exploits and comes with a 12-month guarantee.
Single-click exploits like the one reportedly being offered by Intellexa are in great demand, especially ones that can be used against widely used platforms like iOS and Android. The most desirable kind, however, are zero-click exploits, which can be executed without the end user’s awareness.
Vx-underground claims that the screenshots were published on the Russian-language hacker site XSS on July 14; however, the documents themselves lack a date.
While there is a wealth of data accessible on the technical aspects of the vulnerabilities provided by spyware businesses, nothing is known about the prices they charge. According to a 2016 article published by The New York Times, the NSO Group charged clients $500,000 to install its software and $650,000 to breach 10 devices.
This is a dangerous development, as such spyware and exploits have previously been used to target government officials. Cytrox’s Predator iPhone spyware was used to eavesdrop on a Greek politician last year, and Intellexa was cited in a report by Citizen Lab. Citizen Lab defined the Intellexa Alliance as “a marketing label for a range of mercenary surveillance vendors that emerged in 2019,” and said that Cytrox was a member of that group.
Apple and Android manufacturers may choose to file lawsuits against companies like Intellexa and NSO that would prevent them from using their devices, services, and software. Apple is trying its best to patch any zero-day flaws, but there is most certainly a range of vulnerabilities still up for sale by firms such as Intellexa.