
"iPhone Encounters the Most Complex Attack in History" has recently become a trending topic. The reports state that a single iMessage message can let criminals access a user's location, recordings, photos, and other important content on the phone. The cybersecurity company Kaspersky named this incident Operation Triangulation.
At the latest Chaos Communication Congress, Kaspersky's research team released a detailed report and technical details. Kaspersky noted that there is no exact information on how many attacks were launched using these vulnerabilities before Apple fixed them. The researchers believe this is the most complex attack chain they have ever seen.
The reporter contacted Apple's China region, and a technical consultant said they had not yet received any reports of related issues in China. Users concerned about information security are advised to keep the system updated to improve the security of the iPhone.
Several industry cybersecurity analysts told reporters from the Beijing News and Shell Finance that, judging by the complexity of this attack, it is rare for a hacker attack to use four zero-day vulnerabilities at the same time (zero-day meaning previously undiscovered flaws for which no effective countermeasure existed). The target of this attack is not ordinary users but, more likely, users with specific identities. However, ordinary users also need to develop the habit of promptly installing vendors' security patches. From a network security perspective, the discovery and continuous repair of vulnerabilities is the norm. Vulnerabilities in Apple phones may receive more research and attention because of the large number of users, but there is no evidence that they are less secure than comparable products. "What we are concerned about is whether it can be fixed in a timely manner and whether there is a mature vulnerability management mechanism."
How significant is the impact of vulnerabilities being active for four years?
These vulnerabilities were active from 2019 to December 2022, a span of four years. Last June the vulnerabilities were reported, and Apple released multiple updates in late June to fix them. However, the details of the vulnerabilities were not disclosed at that time.
So, in the most complex attack Apple has encountered, which users are targeted and how much impact will it have?
iMessage is a communication method within Apple's Messages app that can send text, images, videos, music, and other content to other iOS devices, iPadOS devices, Mac computers, and Apple Watch. It does not incur messaging charges, only network traffic. Because of the popularity of chat apps such as WeChat, most domestic Apple phone users do not use iMessage often, and it is mainly popular in small circles. Overseas, however, and especially in the United States, the usage rate of iMessage is particularly high. Its highlight is a range of special-effects features that achieve chat effects everyday communication software cannot. Although Apple has not publicly released official data on the service, analysts estimate that iMessage has as many as 1 billion users worldwide.
Kaspersky's security researchers provided a detailed interpretation of the vulnerabilities involved in the iMessage attack. According to their account, over the past four years the attackers were able to obtain the highest level of privilege, root, on the iPhone through a hardware-level backdoor (root being the super-administrator account, meaning the highest privileges on the phone), and then implant malicious programs and collect data such as microphone recordings, photos, and geographic location. Although restarting the phone removes the implant, the device is easily re-infected: the attackers only need to send another malicious iMessage message to regain access, with no click or other action required from the user.
Ding Xiao, a senior consultant at Beijing Anxin Tianxing Technology Co., Ltd., told Beike Finance reporters that collecting sensitive data is one of the most common attack purposes targeting the general public. Once sensitive data has been collected, it can be sold illegally, or the attack can evolve into targeted phishing to obtain greater illegal profits. "Fortunately, this vulnerability targets the iMessage software, and the number of users in China is not high, so its impact on Apple users in China is relatively limited."
Behind the "most complex attack chain": four zero-day vulnerabilities used simultaneously, and Apple's response was not timely
Who exploited this backdoor behind the most complex attack chain?
Successfully exploiting this backdoor requires a deep understanding of the underlying mechanisms of Apple products. The researchers cannot imagine how this vulnerability was discovered and believe it is almost impossible for anyone other than Apple and ARM to have known of its existence. Kaspersky stated that this is the "most complex attack chain" the research team has ever seen. The attackers cleverly exploited a hardware mechanism in Apple's chips and successfully carried out the attack, which shows that even when the device software has multiple encryption and protection mechanisms, a vulnerability in the hardware makes it easy for attackers to break in.
According to Cheng Xiaofeng, a technical expert from the Beijing Cyberspace Security Association, judging by the complexity of this attack, it is "extremely rare" for a hacker attack to use four zero-day vulnerabilities at the same time (i.e., previously undiscovered flaws with no effective countermeasure). Only the historically famous Stuxnet attack on Iran's Natanz nuclear plant reached this level (a total of 7 vulnerabilities were exploited, of which 4 were zero-days). Another cybersecurity expert, speaking anonymously, also told reporters that the complexity of this attack mainly refers to the chaining of multiple vulnerabilities.
Cheng Xiaofeng told reporters that, based on existing information, the target of this attack is not ordinary users; only users with specific identities are worth attacking. "However, it is worth noting that, because four zero-day vulnerabilities were disclosed in this attack, telecommunications fraud organizations or ransomware organizations may exploit one or more of these vulnerabilities to develop fraudulent software or ransomware for attacks before Apple has released patches to fix them. Therefore, for ordinary users, the safest approach is to follow Apple's official upgrade patches in a timely manner and not, for the sake of convenience, jailbreak Apple's official iOS into some other insecure operating system." Users of non-Apple phones likewise need to develop the habit of promptly installing vendors' security patches.
"Apple has a large number of users, and it is entirely normal for it to be attacked by hackers. The key is whether such system vulnerabilities are discovered and patched in a timely manner; otherwise it will cause large-scale leakage of user information or control of terminals," Ma Jihua, a senior analyst in the communications industry, told Beike Finance reporters. From the disclosed information, it can be seen that the attack lasted a long time, the vulnerabilities were severe, and Apple did not respond quickly, posing a significant threat to the security of Apple's system. "Furthermore, if the vulnerability is very secretive and can only be exploited by very knowledgeable individuals, it shows that there is a risk in Apple's management."
Although these vulnerabilities have now been fixed, the researchers warn that zero-day vulnerabilities in product hardware (such as the one discovered here) indicate "defects". As attackers become more advanced, these systems will never be truly secure.
The system has no absolute security
This is not the first time Apple has been found to have a security vulnerability. Although Apple has always emphasized the strong safety and high reliability of its products, this does not guarantee that they are absolutely risk-free.
As early as 2020, a senior information security researcher from Google discovered significant vulnerabilities in devices such as Apple phones that allowed an attacker to access all of a user's information without touching the phone. Last August, Apple released two security reports revealing serious security vulnerabilities in its iPhone smartphones, iPad tablets, and iMacs. These vulnerabilities could allow attackers to break into user devices, gain administrative privileges, or even fully control the devices and run the applications on them.
Cheng Xiaofeng pointed out that no device or system can guarantee absolute safety. Although Apple has continuously upgraded to address the security issues discovered, as device functionality and performance keep evolving, security researchers have made breakthroughs in vulnerability-hunting tools, especially in the past year, when artificial intelligence technology has been used to assist vulnerability hunting. New vulnerabilities will always be discovered and exploited. He also emphasized that, because vulnerabilities can be exploited to obtain huge political and economic benefits, various countries have come to regard them as stockpiled weapons for cyber warfare. So even if more vulnerabilities are discovered in the future, those with high risk levels and high exploitation value will be kept hidden. However, China has strengthened its vulnerability management work. "Based on previous cases of penalties related to vulnerability management, it can be seen that China has a sound legal and regulatory system for vulnerability management involving national security and public interests, which will effectively urge Apple to promptly repair its product vulnerabilities."
Ding Xiaoze pointed out that this vulnerability concerns Apple products, but in reality many products on the market are affected by similar issues. As a mainstream brand, Apple is certainly a relatively widespread target for vulnerability hunting and malware development. Each brand should promptly disclose the vulnerabilities in its own products, develop the corresponding patches in a timely manner, and release them to product users as soon as possible to protect their interests. Individual users should likewise pay attention to the patch information for their own devices, install the corresponding patches promptly, and keep their devices in a relatively safe state. At the same time, if the corresponding vulnerabilities cause them property damage or loss of personal information, they should promptly preserve screenshots and other evidence and report to the public security organs.
A technical consultant from Apple China suggests that users avoid downloading software from outside the App Store and keep their systems updated at all times. "Absolute security is impossible for any system. It is all a battle of wits and courage with hackers, improved through continuous upgrading, and Apple is no exception," Ma Jihua said. In this process, the system operator needs to put the interests of users first, not whitewash problems, and deal with them and help users reduce risk in a timely manner. He also suggests that users upgrade their system versions promptly to reduce the risk from system vulnerabilities, and, on the other hand, raise their security awareness and make less use of unsafe applications that may pose risks.