Backdooring iPhones using possibly the most advanced exploit ever

Harsh V
Dec 28, 2023


Used Attack Chain

Researchers have uncovered new details about a sophisticated attack that backdoored iPhones over four years, particularly affecting employees of the Moscow-based security firm Kaspersky. The attackers exploited an undocumented hardware feature, unknown to most outside of Apple and chip suppliers like ARM Holdings, to achieve unprecedented access. The mysterious hardware function allowed the attackers to bypass advanced memory protections on Apple devices, enabling the installation of a complex spyware known as “Triangulation” through iMessage texts.

The attackers utilized four zero-day vulnerabilities, impacting iPhones, Macs, iPods, iPads, Apple TVs, and Apple Watches. The campaign, revealed in June, infected devices with malware capable of transmitting sensitive data to attacker-controlled servers. The researchers, including those from Kaspersky, are still unsure of the purpose of the hardware feature and how the attackers discovered it. The attack chain involved exploiting multiple vulnerabilities, with the most significant being in the undocumented hardware function.

Despite Apple subsequently patching the vulnerabilities, the researchers describe the incident as one of the most sophisticated attack chains ever observed, highlighting the ongoing challenges in defending against advanced threats. The attribution of the attack remains uncertain, with no conclusive evidence linking it to a known threat actor.
