Incident: Malicious Surveillance Software Targets Android and iPhone Users in Italy

Published Date: 2019-04-09

Postmortem Analysis
Timeline
1. The software failure incident happened in March 2019 [83189].

System
1. Malicious surveillance software targeting Android and iPhone users
2. Exodus, a malicious Android app
3. iOS port of the spyware app
4. Apple's Enterprise Certificate system [83189]

Responsible Organization
1. The malicious surveillance software targeting Android and iPhone users was believed to have been developed by the Italian video surveillance software company eSurv and another company it acquired, Connexxa [83189].

Impacted Organization
1. Android phone users in Italy [83189]
2. iPhone users [83189]

Software Causes
1. Malicious surveillance software targeting Android and iPhone users, stealing private information such as contacts, audio recordings, photos, videos, and real-time location tracking data [83189].

Non-software Causes
unknown

Impacts
1. The malicious surveillance software targeted both Android and iPhone users, compromising their privacy by stealing contacts, audio recordings, photos, videos, and real-time location tracking data [83189].
2. The spyware app could be remotely activated to listen in on conversations using the device's microphone, a serious invasion of privacy [83189].
3. The incident raised concerns about the misuse of Enterprise Certificates issued by Apple, highlighting a loophole that allowed the malicious app to bypass App Store security checks and be downloaded directly onto victims' devices [83189].
4. Phishing traps were set up to trick users into downloading the app, indicating a deliberate effort to deceive individuals into compromising their devices [83189].
5. Both the Android and iOS versions of the spyware app were eventually blocked, but the exact number of victims and the specific targeting criteria remain uncertain [83189].

Preventions
1. Implementing strict security measures during app development and deployment, such as thorough code reviews, vulnerability assessments, and penetration testing, to identify and address potential security flaws [83189].
2. Utilizing multi-factor authentication to enhance user account security and prevent unauthorized access to sensitive data [83189].
3. Educating users about the risks of downloading apps from untrusted sources and encouraging them to download apps only from official app stores such as Google Play or the App Store [83189].
4. Regularly monitoring and revoking Enterprise Certificates to prevent misuse and unauthorized distribution of apps outside their intended scope [83189].

Fixes
1. Implement stricter security measures for app distribution platforms such as the Google Play Store and the Apple App Store to prevent malicious apps from being hosted [83189].
2. Enhance the scrutiny of Enterprise Certificates issued to developers to ensure they are used only for legitimate purposes [83189].
3. Educate mobile phone users about the risks of downloading apps from untrusted sources and the importance of caution when clicking on phishing links [83189].

References
1. Mobile security firm Lookout
2. Kaspersky Security Analyst Summit
3. TechCrunch
4. Apple
5. Google Play Store
6. Wind Tre SpA
7. TMCell

Software Taxonomy of Faults

Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident has happened again at one_organization: the incident of malicious surveillance software targeting Android and iPhone users has happened again with the same organization or its products. The article mentions that the new iPhone spyware app shares a similar structure with the malicious Android app called Exodus, which was flagged by security experts in March [83189]. This indicates that the software failure incident has occurred again within the same organization or with its products.
(b) The software failure incident has happened again at multiple_organization: the incident of malicious surveillance software targeting Android and iPhone users has happened with multiple organizations or their products. The article mentions that the Android version of the spyware was hosted directly on the Google Play Store, while the iOS version abused an Enterprise Certificate issued by Apple to bypass the App Store's security checks [83189]. This indicates that the software failure incident has occurred with different organizations or their products.

Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the development of the malicious surveillance software targeting Android and iPhone users. The Android version of the spyware utilized an exploit to gain root access to the victim's device, exposing private information such as user emails, cellular data, and Wi-Fi passwords [83189]. This design flaw allowed the spyware to access sensitive data on Android devices.
(b) The software failure incident related to the operation phase is evident in how the attackers set up phishing traps to trick users into downloading the spyware app. They disguised the traps as information pages for legitimate mobile telecom companies, such as Wind Tre SpA and TMCell, to deceive users into installing the malicious software [83189]. This tactic led users to unknowingly engage with the spyware, showing a failure in the operation or use of the system.

Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) The software failure incident described in the articles is primarily within_system. The incident involves the development and distribution of malicious surveillance software targeting both Android and iPhone users. The spyware app covertly steals private information such as contacts, audio recordings, photos, videos, and real-time location tracking data from the victim's device [83189]. The Android version of the spyware utilized an exploit to gain root access to the victim's device, exposing sensitive information such as user emails, cellular data, and Wi-Fi passwords [83189]. The iOS version of the spyware used techniques such as certificate pinning to mask its network traffic, making it difficult to study [83189]. The developers abused an Enterprise Certificate issued by Apple to bypass the App Store's security checks and distribute the app directly to victims' devices [83189]. The incident also involved phishing traps disguised as information pages for legitimate mobile telecom companies to trick users into downloading the spyware [83189].
(b) The software failure incident also has elements of outside_system factors. Attackers set up phishing traps to deceive users into downloading the spyware, indicating external manipulation to lure victims [83189]. Additionally, the misuse of Enterprise Certificates by the developers to distribute the spyware bypassed Apple's App Store security checks, highlighting an external factor that allowed the malicious software to infiltrate users' devices [83189].

Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident in this case is primarily due to non-human actions, specifically the malicious surveillance software targeting Android and iPhone users. The spyware app covertly steals private information such as contacts, audio recordings, photos, videos, and real-time location tracking data [83189].
(b) Human actions also played a role in this software failure incident. Attackers set up phishing traps to trick users into downloading the spyware app, disguised as information pages for legitimate mobile telecom companies. Additionally, the developers abused an Enterprise Certificate issued by Apple to bypass security checks and distribute the app directly to victims' devices [83189].

Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident reported in the articles does not mention any contributing factors originating in hardware. Therefore, there is no information available about a hardware-related failure incident.
(b) The software failure incident reported in the articles is related to malicious surveillance software targeting Android and iPhone users. The spyware app covertly steals private information such as contacts, audio recordings, photos, videos, and real-time location tracking data [83189]. The incident involves the development and distribution of malicious software that bypassed security measures on both Android and iOS devices. The iOS version of the spyware abused an Enterprise Certificate issued by Apple to bypass the App Store's security checks and be downloaded directly onto victims' devices [83189]. This software failure incident is clearly attributed to contributing factors originating in the software itself.

Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident described in the articles is malicious in nature. The incident involves the presence of malicious surveillance software targeting both Android and iPhone users. The spyware app covertly steals private information such as contacts, audio recordings, photos, videos, and real-time location tracking data. It can also remotely activate the device's microphone to listen in on conversations. The software was designed to steal sensitive data and was distributed through phishing traps disguised as information pages of legitimate mobile telecom companies [83189].

Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident was likely due to poor_decisions. The malicious surveillance software targeting Android and iPhone users was designed to covertly steal private information such as contacts, audio recordings, photos, videos, and real-time location tracking data [83189]. The software was developed by a professional group and used techniques such as certificate pinning to mask its network traffic, indicating a high level of sophistication in its design. Additionally, the attackers set up phishing traps to trick users into downloading the app, and the iOS version abused an Enterprise Certificate issued by Apple to bypass security checks and be downloaded directly onto victims' devices [83189]. These actions demonstrate a deliberate and calculated effort to deceive users and bypass security measures, suggesting poor decisions made by the developers behind the spyware.

Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident related to development incompetence is evident in the case of the malicious surveillance software targeting Android and iPhone users. The software, known as Exodus, was developed over around five years and exhibited sophisticated techniques to mask its network traffic, making it difficult to study. The software was believed to have been developed by the Italian video surveillance software company eSurv and another company it acquired, Connexxa [83189].
(b) The software failure incident related to accidental factors is seen in how the malicious surveillance software was distributed. Attackers managed to host the Android version of the spyware directly on the Google Play Store, while the iOS version abused an Enterprise Certificate issued by Apple to bypass the App Store's security checks. This misuse of the Enterprise Certificate was accidental, as the certificate was intended for internal use only but was exploited by the developers to distribute the spyware [83189].

Duration
Option: permanent
Rationale:
(a) The software failure incident described in the articles is of a more permanent nature. The malicious surveillance software targeting Android and iPhone users was developed over around five years, indicating a long-term effort in creating and deploying the spyware [83189]. Additionally, the software was sophisticated enough to bypass security measures on both Android and iOS devices, showing a high level of expertise and planning by the developers [83189]. The fact that the software was able to steal sensitive information and evade detection for a significant period suggests a permanent impact on the affected devices and users.

Behaviour
Option: value, other
Rationale:
(a) crash: The articles do not mention any instance of a crash related to the software failure incident. Therefore, it is unknown whether the incident involved a crash [83189].
(b) omission: The software failure incident does not seem to involve the system omitting to perform its intended functions at some instance(s). The focus is more on the malicious behavior of the spyware in stealing private information than on omitted functions [83189].
(c) timing: The incident does not relate to the system performing its intended functions too late or too early. The primary concern is the covert stealing of data by the spyware rather than timing issues [83189].
(d) value: The software failure incident does involve the system performing its intended functions incorrectly. The spyware app covertly steals contacts, audio recordings, photos, videos, and other sensitive device information, indicating incorrect behavior [83189].
(e) byzantine: The software failure incident does not exhibit the system behaving erroneously with inconsistent responses and interactions. The primary focus is on the malicious behavior of the spyware in stealing private information rather than on inconsistent responses [83189].
(f) other: The behavior of the software failure incident can be categorized as unauthorized data collection and surveillance. The spyware app, disguised as a support application, covertly steals various types of sensitive data from the victim's device, including real-time location tracking data, and can remotely listen in on conversations using the device's microphone [83189].

IoT System Layer

Perception
Option: None
Rationale: None

Communication
Option: None
Rationale: None

Application
Option: None
Rationale: None

Other Details

Consequence
Option: property
Rationale:
(d) property: People's material goods, money, or data were impacted due to the software failure. The software failure incident described in the articles involved malicious surveillance software targeting both Android and iPhone users. The spyware app covertly stole sensitive data such as contacts, audio recordings, photos, videos, real-time location tracking data, and other device information from the victims [83189]. This indicates that people's data and privacy were impacted as a consequence of the software failure incident.

Domain
Option: information
Rationale:
The software failure incident reported in the provided article [83189] is related to the information industry (a). The incident involves malicious surveillance software that targeted Android and iPhone users, covertly stealing private information such as contacts, audio recordings, photos, videos, and real-time location tracking data. The spyware app was disguised as a support application from a mobile telecom provider, highlighting the vulnerability of personal information in the digital age. The incident underscores the importance of cybersecurity measures to protect sensitive data in the information industry.

Sources
