What happens when you hack a cybersecurity researcher? Kaspersky, a Moscow-based security firm, presented new details regarding zero-day vulnerabilities in Apple products on Wednesday. Kaspersky researchers are calling this the most sophisticated attack they’ve ever seen, exposing a previously unknown hardware feature. The attack has been front of mind for Kaspersky researchers because it’s been used against them for the last four years.

“This is no ordinary vulnerability,” said Kaspersky’s Boris Larin in a research paper Wednesday. “What we do know—and what this vulnerability demonstrates—is that advanced hardware-based protections are useless in the face of a sophisticated attacker as long as there are hardware features that can bypass those protections.”

The vulnerability, which researchers call “Operation Triangulation,” was presented at a hacker conference in Germany this week. The complex attack starts with a malicious iMessage attachment, and it doesn’t even need to be clicked to start the process. Then, four distinct zero-day vulnerabilities are used to obtain full control over a device, transmitting microphone recordings, photos, geolocation, and other sensitive data to attacker-controlled servers. This hack was potentially used against thousands of iPhones in Russia, according to Ars Technica, but it also exposes a hardware vulnerability in Macs, iPods, iPads, Apple TVs, and Apple Watches.

Apple did not immediately respond to Gizmodo’s request for comment.

Hackers were able to bypass hardware-based memory protections that ensure an attacker can’t fully control an Apple device even after gaining access to the device’s kernel memory, the core of iOS. This protection has rarely been defeated before and is present in Apple’s latest M1 and M2 CPUs. Researchers assume the hardware feature used to bypass it may have been intended for debugging or testing purposes by Apple engineers, or that it was included by mistake. Apple has since patched these four vulnerabilities.

This specific hack against a small number of Kaspersky researchers came to light in June, but Russian cybersecurity officials quickly reported that thousands of government officials were also subject to similar attacks. The Russian government accused Apple and the US National Security Agency of colluding on this attack, but neither Kaspersky researchers, Apple, nor the NSA has confirmed these claims.

Though these bugs are now patched, researchers warn that zero-day vulnerabilities in the hardware of products, such as the one found here, suggest “a flawed approach.” Apple’s hardware systems seem to rely on “security through obscurity,” but as attackers get more advanced, Kaspersky alleges these systems will never truly be secure.
