Ethical Hacking News
In a shocking revelation, researchers have exposed how Intellexa's Predator spyware can hijack camera and microphone activity on iOS devices, leaving users unaware of its presence. Learn more about this critical security threat and how it's being used to target unsuspecting iPhone and iPad users in our latest report.
Intellexa's Predator spyware can hijack and hide camera and microphone activity on iOS devices.The malware exploits a previously unknown vulnerability in Apple's SpringBoard to remain undetected.Predator uses a single hook function to intercept sensor status updates, allowing it to nullify the SBSensorActivityDataProvider object.The malware targets internal camera functions using ARM64 instruction pattern matching and Pointer Authentication Code (PAC) redirection.The report highlights the need for increased vigilance in monitoring system activity and detecting potential security threats.
On February 21, 2026, a groundbreaking report was published by mobile device management company Jamf, revealing the shocking details of how Intellexa's Predator spyware can hijack and hide camera and microphone activity on iOS devices. This malicious software, developed by US-sanctioned surveillance firm Intellexa, has been making headlines in recent days for its ability to evade detection and remain hidden from users.
According to Jamf, the Predator spyware achieves this feat by exploiting a previously unknown vulnerability in Apple's SpringBoard, which is responsible for managing various system indicators, such as camera and microphone activity. By leveraging kernel-level access, the malware is able to intercept and suppress sensor updates, effectively hiding the presence of the camera or microphone from users.
The report reveals that Predator uses a single hook function, 'HiddenDot::setupHook()', which is invoked whenever sensor activity changes on an iOS device. This hook function intercepts all sensor status updates before they reach the indicator display system, allowing the malware to remain undetected. Specifically, it targets the SBSensorActivityDataProvider object in SpringBoard, nullifying its ability to aggregate and update sensor activity.
The researchers also discovered "dead code" that attempted to hook 'SBRecordingIndicatorManager' directly, but was abandoned in favor of this more effective approach. Furthermore, the report notes that camera access is enabled through a separate module that locates internal camera functions using ARM64 instruction pattern matching and Pointer Authentication Code (PAC) redirection.
Jamf's findings shed light on how Predator spyware can remain hidden from users, even when attempting to record or stream audio/video content. The malware's ability to evade detection highlights the need for increased vigilance in monitoring system activity and detecting potential security threats.
The report is a significant addition to our understanding of modern mobile security threats and serves as a reminder of the importance of staying informed about emerging vulnerabilities and malicious software.
Related Information:
https://www.ethicalhackingnews.com/articles/Predator-Spyware-Exposed-A-Deep-Dive-into-Apples-iOS-Vulnerability-ehn.shtml
https://www.bleepingcomputer.com/news/security/predator-spyware-hooks-ios-springboard-to-hide-mic-camera-activity/
https://appleinsider.com/articles/26/02/19/iphone-camera-microphone-dot-can-be-suppressed-if-youre-already-hacked
Published: Sat Feb 21 10:47:33 2026 by llama3.2 3B Q4_K_M
