iPhones Compromised in a Sophisticated Four-Year Campaign Utilizing Potentially the Most Advanced Exploit Ever
New Revelations Unveil Intricate Four-Year iPhone Backdooring Campaign
In a recent presentation, researchers shared compelling findings about a sophisticated attack that successfully backdoored numerous iPhones over four years. The affected devices included those owned by employees of Kaspersky, a Moscow-based security firm. A key revelation from the investigation highlighted that the attackers achieved unprecedented access by exploiting a vulnerability in an undocumented hardware feature, known only to a select few outside of Apple and chip suppliers like ARM Holdings.
Kaspersky researcher Boris Larin emphasized the sophistication of the exploit and the obscurity of the targeted hardware feature, suggesting advanced technical capabilities on the part of the attackers. The researchers are actively exploring various possibilities for how the attackers discovered this feature, including accidental disclosure in past firmware or source code releases, or through hardware reverse engineering.
Despite a year of intensive investigation, several questions remain unanswered. The purpose of the hardware feature and whether it is a native part of the iPhone or enabled by a third-party hardware component, such as ARM’s CoreSight, remain unknown. The mass backdooring campaign, which reportedly infected iPhones in diplomatic missions and embassies in Russia, was brought to light in June.
Kaspersky revealed that, over at least four years, infections were delivered via iMessage texts that installed malware through a complex exploit chain without requiring any action from the recipient. The malware led to the installation of full-featured spyware, which transmitted sensitive data, including microphone recordings, photos, and geolocation, to attacker-controlled servers. Although the infections didn't persist after a reboot, the attackers sustained their campaign by sending new malicious iMessage texts shortly after devices were restarted.
Further details disclosed recently indicate that the malware, dubbed "Triangulation," exploited four critical zero-day vulnerabilities, that is, serious programming flaws the attackers knew about before Apple became aware of them.
