source- Getty Images
In a recent revelation, researchers have unearthed startling details about a clandestine attack that infiltrated numerous iPhones for over four years, notably compromising the devices of employees from the Moscow-based cybersecurity firm, Kaspersky. The crux of these findings is centered on the attackers’ ability to achieve an unparalleled level of access by exploiting a vulnerability within an undocumented hardware feature—a knowledge confined to a select few, primarily Apple and chip suppliers like ARM Holdings.
The Intricacies of the Attack
Kaspersky researcher Boris Larin expressed astonishment at the sophistication exhibited by the exploit and the obscurity surrounding the hardware feature. Larin’s email underscored the advanced technical prowess of the assailants. He noted, “Our analysis hasn’t revealed how they became aware of this feature, but we’re exploring all possibilities, including accidental disclosures in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering.”
Unanswered Questions and Ongoing Investigations
Despite a year-long intensive investigation, key questions persist. Larin highlighted the ongoing mystery surrounding the purpose of the hardware feature. Additionally, the researchers remain in the dark about whether this feature is an inherent component of the iPhone or if it’s enabled by a third-party hardware element, such as ARM’s CoreSight.
Mass Backdooring Campaign
The clandestine campaign, which purportedly breached iPhones of numerous individuals within diplomatic missions and embassies in Russia according to Russian officials, first came to light in June. Spanning over four years, the infections infiltrated devices via iMessage texts, deploying malware through a complex exploit chain without requiring any action from the receiver.
The Impact and Persisting Threat
The infected devices became hosts to comprehensive spyware, enabling the exfiltration of sensitive data like microphone recordings, photos, and geolocation to servers controlled by the attackers. Although reboots erased the infections, the assailants perpetuated their campaign by sending new malicious iMessage texts shortly after device restarts.
Critical Zero-Day Exploits and Subsequent Actions
Newly disclosed details shed light on the “Triangulation” malware and its installation campaign. The exploit capitalized on four critical zero-day vulnerabilities, programming flaws known to the attackers before Apple was aware of them. Apple has since addressed all four vulnerabilities, tracked as CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, and CVE-2023-41990, through patches.
The unveiling of this sophisticated infiltration underscores the evolving landscape of cyber threats, emphasizing the critical need for continuous vigilance and swift responses from tech companies to safeguard user data and devices against such advanced attacks. As investigations continue, researchers strive to unravel the intricacies of the exploit and fortify defenses against potential future threats.