The Russia-based cyber firm Kaspersky is working to reverse-engineer a hack of iPhones and said it has discovered a vulnerability in Apple’s work that has existed since the 1990s, sparking new questions about the identity of the cyberattacker.
The 14-step hacking method to breach Apple devices used around 11,000 lines of computer code and began with a zero-click attack sent over iMessage, according to Kaspersky’s Boris Larin, Leonid Bezvershenko and Georgy Kucherin.
They said the breach succeeded without showing any signs to the affected Apple users and that it bypassed hardware-based protections.
“Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake,” the Kaspersky researchers wrote in December. “Because this feature is not used by the firmware, we have no idea how attackers would know how to use it.”
The Russian government has blamed the American government for breaches of iPhones. In June, Russia’s Federal Security Service, known as the FSB, said it found U.S. intelligence agents had compromised thousands of Apple iPhones in a spying operation aimed at Russia and individuals from other countries such as China and Israel.
The FSB said the iPhone breaches were the work of the U.S. National Security Agency, allegedly working in close cooperation with Apple. The NSA declined to comment to The Washington Times in June on the FSB’s accusation and Apple told Reuters that it did not work with any government to install “backdoors” into its products and would not do so.
Alongside the Russian government’s claims, Kaspersky investigators said in June that they had found malicious software deployed against the iPhones of those in its own management team. Kaspersky CEO Eugene Kaspersky said at the time that his company knew its employees were not the hackers’ main target and that the attack began via “an invisible iMessage with a malicious attachment.”
Whether the hackers had help from Apple remains a mystery, according to the Kaspersky researchers.
In an update published to Kaspersky’s Securelist blog on Tuesday, the researchers said information provided by hardware hacker Hector Martin led them to conclude that the cyberattackers could have uncovered the hole in Apple’s security systems without the company’s help.
“This discovery also raises the possibility that this unused hardware feature could have been found through experimentation, but to do so would require attackers to solve a large number of unknown variables,” the Kaspersky researchers said.
Apple has acknowledged some of the Kaspersky researchers’ findings in updates published online last year. The Cupertino, Calif.-based company said it addressed the issues identified by the Kaspersky researchers with “improved handling of caches” and “improved state management,” according to updates on an Apple Support webpage about the security of its operating systems.
The Kaspersky researchers said in December they were nearly done reverse-engineering all aspects of the hack and would publish a series of articles in 2024 to document each vulnerability and how it was exploited.
The researchers said they still have many unanswered questions.
“What we do know — and what this vulnerability demonstrates — is that advanced hardware-based protections are useless in the face of a sophisticated attacker as long as there are hardware features that can bypass those protections,” the researchers wrote.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.