Kaspersky Reveals iPhone Gap Exploited by Operation Triangulation Attack

The team at Kaspersky, known as the Global Research and Analysis Team (GReAT), revealed an iPhone security vulnerability in Apple's SoC chip.

This critical flaw was exploited by a campaign named Operation Triangulation, which targeted iPhones. The team shared these findings at the thirty-seventh Chaos Communication Congress held in Hamburg. 

This vulnerability enables attackers to bypass the hardware memory protection on iPhones running iOS 16.6 or earlier. The security gap is a hardware feature of the phone's SoC that appears to rely on security through obscurity, and was probably intended for testing or debugging. 

In the Operation Triangulation chain, this hardware feature comes into play after the initial zero-click exploit delivered through iMessage and the subsequent privilege escalation. The attackers used it to override hardware-based protections and modify the contents of memory-protected regions. 

According to Kaspersky, this hardware feature is not publicly documented, which makes it harder to detect and analyze with conventional security techniques. The Global Research and Analysis Team (GReAT) at Kaspersky carried out detailed reverse engineering and thorough analysis, focusing on the interplay between the iPhone’s hardware and software. They concentrated in particular on specific Memory-Mapped Input/Output (MMIO) addresses, which are what lets the CPU communicate efficiently with the system's peripheral devices. 

The MMIO addresses the attackers used to bypass kernel memory protections do not appear in any known device tree region, which presented a significant challenge. As a result, the Kaspersky team also had to understand the intricate workings of the system on a chip and how it interacts with iOS, focusing primarily on memory management and protection mechanisms. 

This process included a comprehensive examination of the various device tree regions, source code, kernel images, and firmware in an attempt to find any reference to those MMIO addresses. 
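The analysis step described above, cross-referencing candidate MMIO addresses against the documented hardware memory map and then searching binary images for literal references to any address that no documented region accounts for, can be reproduced in a few lines. The example below is added here and is not Kaspersky's tooling; the region-table text format, the region names and base addresses, and the sample binary blob are all constructed placeholders rather than values from any real Apple SoC or from the Operation Triangulation exploit.

```python
"""Cross-check MMIO addresses against a known hardware memory map.

Added example (not Kaspersky's tooling). The region table, the candidate
addresses and the sample binary blob are CONSTRUCTED placeholders, not
values from any real SoC or from the Operation Triangulation exploit.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class MmioRegion:
    name: str   # assumed: a device-tree node name
    base: int   # physical base address of the region
    size: int   # region length in bytes

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def parse_region_table(text: str) -> List[MmioRegion]:
    """Parse lines of the form '<name> <base_hex> <size_hex>'.

    This is an assumed, simplified text format standing in for a dump of
    device-tree 'reg' properties. Blank lines and '#' comments are skipped.
    """
    regions = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, base, size = line.split()
        regions.append(MmioRegion(name, int(base, 16), int(size, 16)))
    return regions


def classify_addresses(addrs: Iterable[int],
                       regions: List[MmioRegion]) -> Dict[int, Optional[str]]:
    """Map each address to the documented region containing it, or None."""
    return {addr: next((r.name for r in regions if r.contains(addr)), None)
            for addr in addrs}


def undocumented(addrs: Iterable[int], regions: List[MmioRegion]) -> List[int]:
    """Addresses that fall outside every documented region: the ones an
    analyst would want to investigate further."""
    return sorted(a for a, name in classify_addresses(addrs, regions).items()
                  if name is None)


def find_literal_references(blob: bytes, addr: int, width: int = 8) -> List[int]:
    """Offsets at which the little-endian encoding of `addr` occurs in `blob`.

    This only finds addresses stored as literals (pointer tables, data).
    On arm64 an address built with MOVZ/MOVK is split across instruction
    immediates and will not match a raw byte search.
    """
    needle = addr.to_bytes(width, "little")
    offsets, start = [], 0
    while (i := blob.find(needle, start)) != -1:
        offsets.append(i)
        start = i + 1
    return offsets


# Constructed sample data (placeholders, not real hardware values)
SAMPLE_MAP = """
# name        base          size
gpio          0x2000000000  0x00010000
uart0         0x2000100000  0x00004000
"""
SAMPLE_ADDRS = [0x2000000004, 0x2000100010, 0x2000FF0000]
# Constructed "firmware" blob containing one literal copy of the odd address.
SAMPLE_BLOB = b"\x00" * 4 + (0x2000FF0000).to_bytes(8, "little") + b"\xff" * 3

if __name__ == "__main__":
    regions = parse_region_table(SAMPLE_MAP)
    for addr, region in classify_addresses(SAMPLE_ADDRS, regions).items():
        print(f"{addr:#014x} -> {region or 'NOT IN ANY DOCUMENTED REGION'}")
    for addr in undocumented(SAMPLE_ADDRS, regions):
        hits = find_literal_references(SAMPLE_BLOB, addr)
        print(f"literal references to {addr:#x} in blob: {hits}")
```

In practice the region table would come from the device tree, and the blob from a kernel image or firmware; an address that no documented region accounts for and that no image references in the clear is exactly the kind of finding the article describes.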

“This is no ordinary vulnerability. Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features that allow these protections to be bypassed,” comments Boris Larin, Principal Security Researcher at Kaspersky’s GReAT. 

It’s important to mention that Kaspersky recently uncovered the Operation Triangulation attack this summer, which is classified as an Advanced Persistent Threat (APT) campaign specifically targeting iOS devices. 

This campaign uses a sophisticated chain of iPhone exploits delivered through the iMessage service that require no user interaction, and it generally ends with the attackers obtaining full control over the target device and the user’s data on it. 

Apple has also released security updates addressing the four iPhone zero-day vulnerabilities that Kaspersky researchers reported: CVE-2023-32434, CVE-2023-32435, CVE-2023-38606 and CVE-2023-41990. These vulnerabilities affect a wide range of Apple products, including iPhones, iPads, Macs, Apple TVs and Apple Watches. 

Kaspersky experts’ recommendations for protection against the Operation Triangulation attack 

To protect yourself from a targeted attack, whether from a known threat actor or an unknown one, Kaspersky researchers recommend the following measures: 

  • Update the operating system, applications, and antivirus software regularly to close any security gap that has been detected. 
  • Give the Security Operations Centre team access to the latest threat intelligence. The Kaspersky Threat Intelligence Portal is a single access point for threat intelligence, providing cyberattack data and insights collected by Kaspersky over 20 years. 
  • Train your cybersecurity team to counter the latest targeted attacks using Kaspersky’s online training, developed by Global Research and Analysis Team experts. 
  • Deploy endpoint detection and response solutions, such as Kaspersky Endpoint Detection and Response, to detect, investigate and remediate incidents at the endpoint level. 
  • Investigate security alerts and threats identified by security controls with Kaspersky’s Incident Response and Digital Forensics services to gain deeper insight.

Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity sections to stay informed and up-to-date with our daily articles.