Russian State Alleges Apple’s Involvement in iPhone iOS Zero-Click Attacks
Kaspersky Reveals Ongoing iPhone Hacking Campaign Exploiting iMessage Vulnerabilities
Russian cybersecurity firm Kaspersky has made a startling revelation regarding a persistent iPhone hacking campaign that exploits vulnerabilities in iMessage. The attack, involving zero-click exploits, enables hackers to install malware on iPhones without any user interaction.
Delivery of the malicious message takes advantage of a vulnerability that allows code execution, which leads to the download of additional malware from the attackers’ server. The message and attachment are subsequently wiped from the device, but the malicious payload remains, running with root privileges. This grants the attackers access to system and user information, as well as the ability to execute commands.
Dubbed “Operation Triangulation” by Kaspersky, the campaign began in 2019 and is still ongoing. The cybersecurity firm is urging anyone with information about the campaign to come forward and share it.
To analyze the malware, Kaspersky used the Mobile Verification Toolkit to create filesystem backups of the infected iPhones. Despite the malware’s attempts to erase traces of the attack, signs of infection such as system file modifications, abnormal data usage, and the injection of deprecated libraries were discovered.
Despite the seriousness of the allegations, the FSB has yet to provide any concrete evidence to support its claims. Previously, the Russian state had recommended that its employees switch away from Apple iPhones and, if possible, avoid American-made technology altogether.
Kaspersky confirmed that its headquarters office in Moscow and employees in other countries were affected by the attack. However, the company stated that it cannot verify a direct link between its findings and the FSB’s report, as it lacks the technical details of the government’s investigation.
Apple responded to the allegations, categorically denying any collaboration with governments to insert backdoors into its products. The company stated that it has never engaged in such activities and has no intention of doing so in the future.
The post Russian State Alleges Apple’s Involvement in iPhone iOS Zero-Click Attacks first appeared on Black Hat Ethical Hacking.