Warning issued to iPhone users when the iMessage 0-Click attack was revealed

Researchers at Russian cybersecurity giant Kaspersky have issued a warning about what they say is an ongoing attack campaign exploiting a zero-click, zero-day iMessage vulnerability. This previously unknown vulnerability allows code execution and, the researchers say, is chained with additional privilege escalation exploits. According to a blog post by Eugene Kaspersky, the malicious iMessage attachment exploits a number of vulnerabilities in the iOS operating system and, once executed, installs spyware.

The Russian security service FSB says Russian citizens and diplomats have been affected by the vulnerability and accused Apple and the US National Security Agency (NSA) of being behind the attacks, which Apple has denied.

Operation Triangulation Attacks in progress

The campaign, which Kaspersky has dubbed Operation Triangulation, requires no user interaction and therefore falls into the most critical class of attack methodologies. The act of sending the malicious iMessage, which includes an attachment containing the exploit, is alone enough to trigger the vulnerability.

Rather disconcertingly, Kaspersky researchers say they have traced the first example of the attack back to 2019. As of yesterday, they also confirm that the attacks are still ongoing.

Discovery of the Zero-Click attack

Security researchers became aware of suspicious activity while monitoring devices, including a number of iPhones, using Kaspersky Unified Monitoring and Analysis Platform (KUMA).


The traces of compromise were confirmed after researchers created offline backups of the iPhones in question and inspected them with a mobile verification toolkit. This detected that the final payload was downloaded from a full Advanced Persistent Threat (APT) platform. The precise nature of that payload has not yet been confirmed, however.

We understand that it runs with root privileges and issues a series of commands that can be used to gather both system and user information. In a Twitter post, Kaspersky founder Eugene Kaspersky said that the attack transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation and data on a number of other activities.

Russia suggests the attacks are backdoors for NSA spies

While there is currently no firm evidence as to who this campaign is targeting, Russia’s FSB security service has already said that thousands of Russians, including ordinary users and Russia-based foreign diplomats, have been compromised. While Kaspersky has made it clear that it can’t make any sort of attribution at this time, the FSB is firmly laying the blame at the door of the NSA and Apple working in cahoots. Apple has also made it clear that it has never worked with any government to put a backdoor into any Apple product.

How to mitigate an attack

Luckily, this seems like an exploit that’s easy enough to mitigate, as Kaspersky researchers haven’t found any compromised devices running iOS versions later than 15.7. It is therefore entirely possible that the exploited vulnerability was patched in later versions of iOS.

My advice would, therefore, be the same as it always is when it comes to operating system platforms: install updates as soon as they’re released. Currently, that means iOS 16.5, and I would check to make sure your iPhone has indeed been updated. That said, just because no compromised iPhones running iOS 16.5 have been discovered, it doesn’t mean it’s 100% out of the question that they could have been, or will be in the future.
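The check the article recommends, whether a phone is on a build later than the last compromised version seen (15.7) or already on the current release (16.5), can be done from the same kind of offline backup the researchers inspected: the root of a Finder/iTunes backup contains an Info.plist with a "Product Version" key. The script below is an added example, not code from the article or from Kaspersky; the backup directory path is an assumption supplied by the user, and the embedded plist is a constructed sample. It compares versions numerically rather than as strings, so "15.10" is correctly ranked above "15.7".

```python
import plistlib
import sys
from pathlib import Path

# Thresholds taken from the article: Kaspersky saw no compromised devices
# running anything later than iOS 15.7; the current release was iOS 16.5.
LAST_KNOWN_AFFECTED = "15.7"
CURRENT_RELEASE = "16.5"


def parse_version(version: str) -> tuple:
    """Turn '16.5' or '15.6.1' into a tuple of ints for safe comparison.
    Plain string comparison would wrongly rank '15.10' below '15.7'."""
    return tuple(int(part) for part in version.strip().split("."))


def classify(product_version: str) -> str:
    """Place an iOS version relative to the article's two thresholds."""
    v = parse_version(product_version)
    if v >= parse_version(CURRENT_RELEASE):
        return "current"
    if v > parse_version(LAST_KNOWN_AFFECTED):
        # Newer than any compromised build observed, but still not the latest.
        return "outdated"
    return "in-affected-range"


def read_backup_version(backup_dir) -> str:
    """Read 'Product Version' from the Info.plist at the root of a local
    iPhone backup directory (path supplied by the user; assumed layout)."""
    with open(Path(backup_dir) / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    return info["Product Version"]


# Constructed sample standing in for a real backup's Info.plist.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Device Name</key><string>Example iPhone</string>
  <key>Product Version</key><string>15.6.1</string>
</dict>
</plist>
"""


def check_plist_bytes(data: bytes) -> tuple:
    """Classify the version recorded in an in-memory Info.plist."""
    info = plistlib.loads(data)
    version = info["Product Version"]
    return version, classify(version)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        version = read_backup_version(sys.argv[1])
    else:
        version = check_plist_bytes(SAMPLE_INFO_PLIST)[0]
    print(f"iOS {version}: {classify(version)}")
```

Run it with the path to a backup directory to check a real device, or with no arguments to see the result for the constructed sample. A result of "in-affected-range" only means the build is within the range in which compromised devices were observed; it is not evidence of compromise on its own, which is what the backup scan tools mentioned below are for.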

Update: Kaspersky has now released a Triangle Check tool that lets users look for evidence of compromise on their devices. “With cross-platform capabilities, triangle_check allows users to automatically scan their devices,” said Igor Kuznetsov, head of the EEMEA unit of the Kaspersky Global Research and Analysis Team (GReAT). “We urge the cybersecurity community to join forces in the pursuit of the new APT to build a safer digital world.”

Before using it, however, the user must first make a backup of the device; the tool then scans this backup. Triangle Check is available for Windows, MacOS and Linux users and can be found here.
