In the world of cybersecurity, Kaspersky is a household name.
The Moscow company specializes in detecting government-sponsored hacking attacks. In particular, Kaspersky has distinguished itself by revealing hacks sponsored by the Russian state and Western countries.
In this context, the company has just pointed out a new, highly sophisticated attack targeting Apple iPhones.
This unprecedented cyberattack succeeded in infecting “dozens of our employees’ iPhones,” says Kaspersky.
The malware is said to transmit private information, such as microphone recordings, images from instant messages, geolocation, and data about a number of other activities, to remote servers, according to a June 1 report.
It is worth noting that on the day Kaspersky’s report was published, the Russian intelligence service FSB accused the US National Security Agency and Apple (AAPL) of hacking the iPhones of thousands of Russians.
No user action is required to infect iPhones
Kaspersky said it detected the breach at the beginning of the year by examining its employees’ iPhones. The spyware uses various vulnerabilities in iOS, Apple’s mobile operating system. The hackers then take control of the user’s iPhone.
The attackers break into the phone via the iMessage feature. An iPhone user receives a message carrying a malicious attachment that automatically exploits one or more iOS vulnerabilities. What is remarkable is that the user does not need to click on or open the message. No action is required from the victim.
“It is important to note that although the malware includes pieces of code that are specifically intended to erase traces of a hack, it is possible to determine whether a device has been compromised,” Kaspersky researchers say in their report.
Furthermore, if a new device is set up by migrating user data from an old device, the iTunes backup for that device will contain traces of the reconciliation that occurred for both devices, with the correct timestamps.
The devices were infected with what Kaspersky researchers described as a “fully functional APT platform”. APT, or Advanced Persistent Threat, refers to hackers with nearly unlimited resources that target individuals over long periods. APTs are always supported by governments.
Once the APT malware is installed, the initial message that started the infection chain is deleted. Spyware deployment is completely hidden and requires no action from the user.
Dubbed “Operation Triangulation,” this attack gets its name from the fact that the malware uses a technique known as “canvas fingerprinting” to detect the hardware and software installed on the phone.
Kaspersky recommends Lockdown mode
Eugene Kaspersky, CEO of the cybersecurity firm, detailed the campaign in a long Twitter thread that caught Elon Musk’s attention. The Tesla (TSLA) CEO was particularly interested in ways to avoid or circumvent the attack.
“Important: disabling iMessage will protect iOS devices from a Triangulation attack,” Kaspersky advises iPhone users.
“Is it safe to play iMessage? I think #malware found its way through,” one Twitter user asked.
Kaspersky replied: “It is better to disable it.”
It was then that Musk asked him whether another feature that Apple introduced recently would not be more effective.
“Does Lockdown Mode handle this?” asked the billionaire.
Kaspersky replied: “Yes, we recommend disabling iMessage and enabling Lockdown Mode.”
Last September, Apple introduced Lockdown Mode, a special security setting in iOS. The feature restricts functionality and access to attack-prone components in services such as iMessage and Apple’s WebKit browser engine.
Kaspersky researchers said that the first traces of “Operation Triangulation” infections dated back to 2019, and that the attacks were still continuing as of June 2023.
The company can’t tell if any of the vulnerabilities are “zero days,” which means they were unknown to Apple and had not been fixed in iOS at the time they were exploited.
Apple did not immediately respond to a request for comment. But according to a statement provided to other media outlets, the iPhone maker said Kaspersky’s results appeared to relate to phones running version 15.7 and earlier. The latest version of iOS is 16.5.
“We have never worked with any government to introduce a backdoor into any Apple product and we never will,” Apple told Wired.
Russian spy agency accuses Apple
In a statement, the Russian Federal Security Service accused Apple of colluding with the US authorities, especially the National Security Agency, to hack thousands of Russians. The Russian agency has not substantiated its accusations and does not detail the aforementioned attack. This absence of detail makes it difficult to know whether the hack Kaspersky is talking about is the same one described by the Russian authorities.
“The information received by the Russian special services testifies to the close cooperation of the American company Apple with the national intelligence community, in particular the US National Security Agency, and confirms the stated policy of ensuring the confidentiality of personal data of users of Apple devices,” the FSB said.
The FSB also said that it “discovered the infection of several thousand telephones of this brand. At the same time, in addition to domestic subscribers, facts of infection of foreign numbers and subscribers using SIM cards registered with diplomatic missions and embassies in Russia, including in the countries of the NATO bloc and the post-Soviet space, in addition to Israel, the Caribbean, and China, were revealed.”
The NSA did not immediately respond to a request for comment.