With all of the recent talk about privacy, a company called WiSpear is selling a van that can hack your Apple iPhone or Android handset even if you are 500 meters (547 yards) away. The vehicle, named the SpearHead 360, is the brainchild of Tal Dilian, an Israeli who has made a name for himself in the surveillance industry. The SpearHead 360 uses 24 antennas to help it lock in potential devices to hack. Once that occurs, the system has four different methods to get the targeted handset to connect to its Wi-Fi interceptors in what is called a man-in-the-middle attack.
Besides allowing the operator of the vehicle to hack into your smartphone, the SpearHead 360 is equipped with four different kinds of malware to infect various operating systems including iOS and Android. Dilian also says he has access to a number of publicly unknown (or zero-days) iOS and Android vulnerabilities that leave a hole open for hackers to plant the aforementioned malware. And the van can be used to hack multiple devices running on the same or different OS, being used at the same location, all at the same time.
At a price of $3.5 million to $5 million, the SpearHead 360 is too expensive for local police departments. Accessories include a drone and a backpack (priced at $1.2 million) that can carry out the same attacks. The vehicle was recently displayed at the ISS World and Eurosatory conferences.
As you might imagine, staunch privacy defenders are aghast. What makes the van so lethal is that it uses exploits unknown to phone manufacturers, and two of the four Wi-Fi based man-in-the-middle attacks have never been disclosed. Considering that they are based on flaws in the Wi-Fi protocal, these attacks, at least for now, can not be defended against.
"This takes customers from detection all the way to full interception. I think it’s a game changer."-Tal Dilian, founder, WiSpear
"Hacking for surveillance exploits weaknesses in systems and services millions of people may use. At a time when promoting cybersecurity is becoming a global priority, the very last thing government agencies should be doing is prioritizing insecurity by hacking for surveillance. Government authorities concerned about cyber breaches and attacks should be throwing everything at making devices and networks more secure, not less."-Edin Omanovic, lead of the State Surveillance Program, Privacy International
So far, Dilian has yet to sell a single van, but he expects to ring up two to four of them before the end of the year.