Originally reported by BleepingComputer
TL;DR
Intellexa's Predator spyware can hook iOS SpringBoard to hide recording indicators while secretly streaming camera and microphone feeds, bypassing Apple's privacy protections.
Commercial spyware capable of bypassing iOS security mechanisms to covertly record users represents a significant threat to mobile security and privacy, especially given iOS's reputation for robust security controls.
Intellexa's Predator spyware has demonstrated sophisticated iOS compromise techniques that allow it to covertly record device users without triggering Apple's standard privacy indicators. According to BleepingComputer's analysis, the malware hooks into iOS SpringBoard, the core system process responsible for the home screen and system UI, to suppress the recording indicators that normally appear when apps access the camera or microphone.
This technique represents a significant escalation in commercial spyware capabilities, because it directly undermines the iOS mechanism designed to alert users when their device's sensors are being accessed. Hooking SpringBoard means running attacker-controlled code inside that process, which no third-party app can do from within its sandbox; it therefore implies privileged, system-level access rather than an ordinary app-level compromise.
The spyware's approach is to intercept the functions inside SpringBoard that draw the recording indicator in the status bar. Because SpringBoard is the process that renders the indicator, hooking it at that layer lets Predator keep the camera and microphone streaming while the indicator that would normally reveal the access is never shown.
This level of system integration requires significant reverse engineering of iOS internals and suggests the involvement of sophisticated threat actors with substantial resources.
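To make the dependency concrete, here is a constructed model, added here and not code from BleepingComputer, Apple or Intellexa: a small C program in which a UI process draws a camera indicator through a function pointer, and an in-process hook (a simplified stand-in for the method swizzling or inline patching used against real processes) redirects that pointer so the indicator is never drawn while the sensor stays active. The struct, the function names and the "[CAM]" marker are all assumptions made for the illustration; iOS does not route its indicator through a plain function pointer like this.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a UI process that owns the status bar (the role
 * SpringBoard plays on iOS). Nothing here is Apple's or Predator's code. */
#define STATUS_LEN 16

typedef struct {
    bool camera_active;       /* what the sensor is actually doing */
    char status[STATUS_LEN];  /* what the user sees in the status bar */
} ui_process_t;

/* Original indicator routine: reflects sensor state in the status bar. */
static void draw_indicator_original(ui_process_t *ui) {
    snprintf(ui->status, STATUS_LEN, "%s", ui->camera_active ? "[CAM]" : "");
}

/* Attacker-supplied replacement: draws nothing regardless of sensor state. */
static void draw_indicator_hooked(ui_process_t *ui) {
    ui->status[0] = '\0';
}

/* The UI calls the indicator routine through this pointer. Redirecting it
 * stands in for a real in-process hook, which requires code execution
 * inside the UI process itself. */
static void (*draw_indicator)(ui_process_t *) = draw_indicator_original;

void install_indicator_hook(void) { draw_indicator = draw_indicator_hooked; }
void remove_indicator_hook(void)  { draw_indicator = draw_indicator_original; }

/* Sensor state changes trigger a redraw, as they would in a real UI. */
void camera_start(ui_process_t *ui) { ui->camera_active = true;  draw_indicator(ui); }
void camera_stop(ui_process_t *ui)  { ui->camera_active = false; draw_indicator(ui); }

bool indicator_visible(const ui_process_t *ui) {
    return strcmp(ui->status, "[CAM]") == 0;
}

/* A check that does not trust the UI: compare the sensor's own state with
 * what the status bar claims. Disagreement means the indicator path has
 * been tampered with (or is broken). Only meaningful if the sensor state
 * is read from somewhere the attacker does not control. */
bool indicator_consistent_with_sensor(const ui_process_t *ui) {
    return ui->camera_active == indicator_visible(ui);
}

/* Start the camera with or without the hook installed, leaving the result
 * in *ui and restoring the original routine for later callers. */
static void run_scenario(bool hook_installed, ui_process_t *ui) {
    memset(ui, 0, sizeof *ui);
    if (hook_installed) install_indicator_hook(); else remove_indicator_hook();
    camera_start(ui);
    remove_indicator_hook();
}

bool indicator_shown_on_camera_start(bool hook_installed) {
    ui_process_t ui;
    run_scenario(hook_installed, &ui);
    return indicator_visible(&ui);
}

bool camera_active_on_camera_start(bool hook_installed) {
    ui_process_t ui;
    run_scenario(hook_installed, &ui);
    return ui.camera_active;
}

bool inconsistency_detected_on_camera_start(bool hook_installed) {
    ui_process_t ui;
    run_scenario(hook_installed, &ui);
    return !indicator_consistent_with_sensor(&ui);
}

int main(void) {
    for (int hooked = 0; hooked <= 1; hooked++) {
        printf("%s: indicator %s, camera %s, tamper check %s\n",
               hooked ? "hooked  " : "unhooked",
               indicator_shown_on_camera_start(hooked) ? "shown " : "hidden",
               camera_active_on_camera_start(hooked) ? "active" : "idle",
               inconsistency_detected_on_camera_start(hooked) ? "FLAGGED" : "clean");
    }
    return 0;
}
```

The last function carries the practitioner's point: the indicator is evidence only when it is compared against a sensor state that comes from somewhere the attacker cannot reach. If the sensor state and the status bar both live in the same hooked process, the comparison is hookable too, which is why the on-screen indicator alone cannot clear a device suspected of this kind of compromise.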
The discovery highlights critical gaps in mobile device security, particularly for high-value targets who may be subject to state-sponsored surveillance. While iOS has historically maintained strong security boundaries, this research demonstrates that determined attackers with sufficient resources can develop techniques to bypass even fundamental privacy protections.
Security practitioners should factor this development into mobile device risk assessments for sensitive environments: the on-screen recording indicator is drawn by a process the spyware controls, so its absence is not evidence that the camera and microphone are idle, and traditional indicators of compromise may be insufficient to detect advanced spyware variants.