Title: Unprecedented iPhone Attack Unveiled: Kaspersky Researchers Discover Undisclosed Hardware Exploit
In a groundbreaking revelation, researchers at Moscow-based security firm Kaspersky have unveiled new findings about a four-year-long attack on iPhones that specifically targeted their own employees. The attack, marked by its sophistication, allowed the perpetrators to gain unprecedented access to the devices by exploiting an undisclosed hardware feature that was largely unknown to the public.
The level of technical expertise displayed by the attackers has raised eyebrows within the cybersecurity community. Their ability to exploit this hardware feature suggests advanced capabilities, leaving experts questioning how the attackers became aware of it in the first place. Possible scenarios include accidental disclosure through past firmware or source code releases, or through reverse engineering of the hardware itself.
The exact purpose of this hardware feature remains a mystery. It is uncertain whether it is a native part of the iPhone or enabled by a third-party component. Russian government officials added that the mass backdooring campaign infected not only the iPhones of Kaspersky employees, but also targeted diplomatic missions and embassies in Russia.
The malware responsible for the infections was delivered through iMessage texts, effectively installing itself without requiring any action from the receiver. Once installed, the attackers were able to extract sensitive data, such as microphone recordings, photos, and geolocation information, from the compromised devices.
What makes this attack even more insidious is that the malware, dubbed “Triangulation,” kept devices infected even though the infection did not survive a reboot: the attackers simply sent new malicious texts as soon as a device restarted, ensuring a continuous cycle of compromise.
The severity of the attack is underscored by the utilization of four zero-day vulnerabilities, programming flaws that were known to the attackers before being discovered by Apple. These vulnerabilities affected not only iPhones, but also other Apple devices such as Macs, iPods, iPads, Apple TVs, and Apple Watches.
Apple has since patched all four vulnerabilities in response to the attack. However, the detection of the infections continues to be challenging for even the most seasoned experts in the field. A list of indicators of compromise has been compiled to aid in the detection and mitigation of the attack.
Perhaps most intriguingly, the success of the attack can be attributed to the exploitation of the undisclosed hardware feature. This allowed the attackers to bypass advanced hardware-based memory protections designed to preserve system integrity even if an attacker has already gained control of the kernel. By leveraging this feature, the attackers were able to perform critical post-exploitation techniques.
Kaspersky researchers only discovered the secret hardware function after months of extensive reverse engineering of the compromised devices. Critically, the MMIO addresses used by the attackers to bypass the memory protections were not identified in any device tree, nor mentioned in source code, kernel images, or firmware.
This revelation has prompted discussions within the cybersecurity community about the sophisticated lengths to which attackers are willing to go to breach security measures. As the investigation into this unprecedented iPhone attack continues, industry experts remain vigilant in their pursuit to enhance device security and protect users from such malicious exploits.