Kaspersky discloses iPhone hardware feature vital in Operation Triangulation

Kaspersky discloses iPhone hardware feature vital in Operation Triangulation

Kaspersky’s GReAT team
discovered a vulnerability in Apple System on a chip, or SoC, that has played a
critical role in the recent iPhone attacks, known as Operation Triangulation, allowing
attackers to bypass the hardware-based memory protection on iPhones running iOS
versions up to iOS 16.6.

The discovered
vulnerability is a hardware feature, possibly based on the principle of security
through obscurity,” and may have been intended for testing or debugging.
Following the initial 0-click iMessage attack and subsequent privilege
escalation, the attackers leveraged this hardware feature to bypass
hardware-based security protections and manipulate the contents of protected memory
regions. This step was crucial for obtaining full control over the device. Apple
addressed the issue, identified as CVE-2023-38606.

As far as Kaspersky is
aware, this feature was not publicly documented, presenting a significant
challenge in its detection and analysis using conventional security methods. GReAT
researchers engaged in extensive reverse engineering, meticulously analyzing
the iPhone’s hardware and software integration, particularly focusing on the
Memory-Mapped I/O, or MMIO, addresses, which are critical for facilitating
efficient communication between the CPU and peripheral devices in the system. Unknown
MMIO addresses, used by the attackers to bypass the hardware-based kernel
memory protection, were not identified in any device tree ranges, presenting a
significant challenge. The team had to also decipher the intricate workings of
the SoC and its interaction with the iOS operating system, especially regarding
memory management and protection mechanisms. This process involved a thorough
examination of various device tree files, source codes, kernel images, and
firmware, in a quest to find any reference to these MMIO addresses.

“This is no ordinary
vulnerability. Due to the closed nature of the iOS ecosystem, the discovery
process was both challenging and time-consuming, requiring a comprehensive
understanding of both hardware and software architectures. What this discovery
teaches us once again is that even advanced hardware-based protections can be
rendered ineffective in the face of a sophisticated attacker, particularly when
there are hardware features allowing to bypass these protections,”
comments
Boris Larin, Principal Security Researcher at Kaspersky’s GReAT.

“Operation
Triangulation” is an Advanced Persistent Threat (APT) campaign targeting iOS
devices, uncovered by
Kaspersky earlier this summer. This sophisticated campaign employs zero-click
exploits distributed via iMessage, enabling attackers to gain complete control
over the targeted device and access user data. Apple responded by releasing
security updates to address four zero-day vulnerabilities identified by
Kaspersky researchers: CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, and
CVE-2023-41990. These vulnerabilities impact a broad spectrum of Apple
products, including iPhones, iPods, iPads, macOS devices, Apple TV, and Apple
Watch. Kaspersky also informed Apple about the exploitation of the hardware
feature, leading to its subsequent mitigation by the company.

To learn more about
Operation Triangulation and the technical details behind the analysis, read the
report on Securelist.com.

To avoid falling
victim to a targeted attack by a known or unknown threat actor, Kaspersky
researchers recommend implementing the following measures:

About Kaspersky

Kaspersky is a
global cybersecurity and digital privacy company founded in 1997. Kaspersky’s
deep threat intelligence and security expertise is constantly transforming into
innovative solutions and services to protect businesses, critical
infrastructure, governments, and consumers around the globe. The company’s
comprehensive security portfolio includes leading endpoint protection,
specialized security products and services, as well as Cyber Immune solutions
to fight sophisticated and evolving digital threats. Over 400 million users are
protected by Kaspersky technologies and we help
over 220,000 corporate clients protect what matters most to them. Learn more at
www.kaspersky.com.

Kaspersky discloses iPhone hardware feature vital in Operation Triangulation case

Kaspersky’s Global Research and Analysis Team (GReAT) has unveiled a previously unknown hardware feature in Apple iPhones, pivotal to the Operation Triangulation campaign. The team presented this discovery at the 37th Chaos Communication Congress in Hamburg.

Kaspersky Logo

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *