Posted on 01/15/2024 5:58:34 AM PST by FarCenter
Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days.
The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign. A zero-day in the feature allowed the attackers to bypass advanced hardware-based memory protections designed to safeguard device system integrity even after an attacker gained the ability to tamper with memory of the underlying kernel. On most other platforms, once attackers successfully exploit a kernel vulnerability they have full control of the compromised system.
On Apple devices equipped with these protections, such attackers are still unable to perform key post-exploitation techniques such as injecting malicious code into other processes, or modifying kernel code or sensitive kernel data. This powerful protection was bypassed by exploiting a vulnerability in the secret function. The protection, which has rarely been defeated in exploits found to date, is also present in Apple’s M1 and M2 CPUs.
The details are staggering:
(Excerpt) Read more at schneier.com ...
The key takeaway here is “this is nation-state stuff” - cyber warfare, not some clever hackers in their bedrooms…
Thanks for posting!
Once the javascript core library is modified to the attacker’s desire (this exploit was 11,000 minimized lines of code!) then game over. They could also see the entire user memory space (passwords in RAM, etc).
Used to read every one of these security updates back in the day - and the white papers. Now, it took me a year before I set up a voicemail message on my phone ;-)
Oh well, just upgraded to iOS 17.
These systems are too complex these days to be able to lockdown everything.
I wonder if that is why my Apple iPhone 14 Pro is a piece of junk. Dropped calls, lagging dialing internet that freezes up.
Anybody else with a iPhone that is garbage?
If the FBI can penetrate your phone, other bad people can too.
A gigabyte of my 10GB monthly allocation was used up in the hour or so I’ve been online here.
I think it was for a Microsoft update.
Nope you're the only person on Earth to ever have an iPhone that had a problem...</kidding>
iPhone 12 here with T-Mobile. I suffer the same problems — calls that suddenly drop, calls that won’t connect, and periodic crappy voice quality. We cut our mobile bill in half by switching from Verizon to T-Mobile and that is exactly when the problems started.
I got my new iPhone a couple years ago and switched to T-Mobile at the same time. I drove my wife to the airport, and, on the way home from the airport, I called my sister. Three calls dropped in succession. This happened as I was driving on I-90 by Spokane, WA.
I don’t need Russian hackers to make my iPhone experience bad.
I just updated to 17.2.1
I have an iPhone 12 on Verizon. I haven’t had any such problems. Neither has my wife on her iPhone 13.
I think there’s an option you can choose to not have updates on cell use time. IOW, only update when wifi is available, IIRC.
Again fingering T-Mobile. Things were good on Verizon for us and turned to crap when we switched. But saving 50% on our mobile bill is just too enticing.
> I wonder if that is why my Apple iPhone 14 Pro is a piece of junk.
Get rid of tik-tok, facebook, and all the google stuff that you can live without. Those apps monitor everything and are resource hogs.
Basically, remove the mass marketing social media junk.
I’m about a year into my iPhone 14 Pro, so far so good. From what you describe it sounds like the network used might be the issue. I’d talk to your carrier, and from there talk warranty with Apple. Good luck.
We cut our mobile bill in half by switching from Verizon to T-Mobile and that is exactly when the problems started ... I don’t need Russian hackers to make my iPhone experience bad.
—
Its a carrier problem obviously, not an iPhone problem. Try a different carrier.
I’ve talked to T-Mobile several times. They make some back-end changes and things get better for a while. Then the problems start again. I keep meaning to find another carrier that doesn’t operate on the T-Mobile network. Just haven’t had time.
Schneier is a good source. He doesn’t hype things up. Will be interesting to see his whole take on this. The first book I ever bought about crypto was his “Applied Cryptography”.
try spectrum
Thanks. We have Spectrum Internet in Idaho.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.