A previously unknown hardware feature has been hijacked to hack iPhones across the world

News
By Sead Fadilpašić
published

FSB accused Apple of siding with the NSA

iPhone 15 foreground Google Pixel 8 Pro background
(Image credit: Future | Alex Walker-Todd)

Apple’s iPhone seems to have shipped with some unknown hardware features which were then uncovered by hackers who found a way to exploit them in highly destructive zero-click attacks. 

A new report from Kaspersky has outlined how roughly five years ago, it discovered a unique spyware targeting iPhone devices. They named the campaign "Operation Triangulation", and after reverse-engineering the spyware and breaking down the campaign, Kaspersky found that the attackers chained four vulnerabilities to mount zero-click attacks.

As the name suggests, these attacks require no interaction from the victim’s side and can be used to steal sensitive data from the endpoint, run code remotely, or completely take over the device.

Reader Offer: Save up to 68% on Aura identity theft protection

Reader Offer: Save up to 68% on Aura identity theft protection
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal. Save up to 50% today. 

 Preferred partner (What does this mean?) 

View Deal

Zero click attacks

The four vulnerabilities being chained are tracked as CVE-2023-41990, CVE-2023-32434, CVE-2023-32435, and CVE-2023-38606. It’s the latter that’s particularly interesting because it targets MMIO (memory-mapped I/O) registers in Apple A12-A16 Bionic processors which are not listed in the DeviceTree.

"If we try to describe this feature and how the attackers took advantage of it, it all comes down to this: they are able to write data to a certain physical address while bypassing the hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware," Kaspersky said in its report.

Right now, no one knows how or why these features ended up in the commercial version of the device. BleepingComputer reports that Russia's intelligence service (FSB) accused Apple of building a backdoor for the NSA to use against the Russian government and embassy staff. It also speculated that the features were left out by mistake, and used in the development phase for debugging or hardware testing. 

In any case, Apple addressed the issue by updating the device tree to restrict physical address mapping.

TechRadar Pro has contacted Apple for comment.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.