Replying to $elfish gene

The scandal with the spying capabilities of Apple smartphones has suddenly started to develop in Russia, and it seems that the end of this hype may be sad for fans of Apple technology. However, in this story, as in any such scandal, there are many strange things.

It all started yesterday morning when news agencies published the following news: "The FSB of the Russian Federation has uncovered an operation of American secret services using Apple equipment and several thousand handsets of this brand were infected".

Two hours later, presidential spokesman Peskov said, "The use of iPhones for official purposes in the presidential administration is unacceptable and prohibited."

A little later, a Kaspersky Lab statement emerged: "Dozens of Kaspersky Lab employees' iPhones were infected with spyware."

How your iPhone gets infected: (https://securelist.ru/operation-triangulation/107470/)

An infected iOS device receives an iMessage with a special attachment containing an exploit. Without any interaction with the user, the exploit from the message triggers the execution of malicious code. This code connects to the control server and leads to the sequential download of several malware "steps," including additional exploits to escalate privileges.

Once all the malicious components have been successfully processed, the final malicious payload - a full-fledged APT platform - is downloaded. The message and the exploit attachment are deleted during the infection process. The malicious platform runs exclusively in RAM and is not installed in the system due to operating system limitations. However, event sequences of multiple devices indicate that devices may be infected again after a reboot.

The oldest infection timestamps point to 2019. As of this writing (June 2023), the attack continues, with the newest iOS version on detected infected devices being 15.7.

Analysis of the malicious platform continues. We already know that it runs with superuser privileges, implements a set of commands to gather information about the user and the system, and allows the execution of arbitrary code in the form of plugins passed from the control server.

What is strange here is that who else but Kaspersky Lab should know that any smartphone, and primarily the iPhone, runs on a completely closed proprietary operating system, has a completely proprietary processor, contains communication chips from a number of American technology companies, and that they all send full statistics, including to the American intelligence services, with the help of programs whose code is obfuscated and almost impossible to analyze.

In my opinion, this is as clear as day to any IT specialist with even a little education. Why were you making all that fuss about an unknown infection?

It has been said many times that the U.S. intelligence agencies have direct access to all the statistics of any iPhone user: contacts, all the messages, location, fingerprints since the iPhone 5S of 2013, and even full biometrics, including the retina, taken with clever lidars. And on these devices, the "independent sovereign" Central Bank of Russia is going to make an anti-sanction digital ruble.

Well, if this is all a circus with a 100% probability, then why all the fuss? Most likely, we are talking about a possible complete ban on the use of the iPhone by civil servants and employees of government agencies, as well as companies that carry out government contracts, that is, virtually everyone. And then they will outlaw it altogether.
