Months after blowing the whistle on a sophisticated campaign that dropped full-featured spyware onto iPhones, researchers have disclosed more about the attack’s complex exploit chain that abused four separate vulnerabilities.
Among the findings is that the zero-click attacks took advantage of a flaw in an undocumented Apple hardware feature. This let the attackers bypass hardware-based memory protection, write to protected physical memory, and ultimately gain full control of the targeted iPhones, and potentially other Apple devices.
The new insights were revealed by Kaspersky, the firm that first discovered the “Operation Triangulation” campaign after its own staff had their phones compromised by the unidentified advanced persistent threat (APT) group carrying out the campaign.
Kaspersky presented its findings at the 37th Chaos Communication Congress in Hamburg, Germany, on Dec. 27, 2023, and, on the same day, its Global Research and Analysis Team (GReAT) published a research post outlining its discoveries.
“If we try to describe [the hardware security] feature and how the attackers took advantage of it, it all comes down to this: they are able to write data to a certain physical address while bypassing the hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware,” the researchers wrote.
“Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or that it was included by mistake. Because this feature is not used by the firmware, we have no idea how attackers would know how to use it.”
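To make the design point concrete: the protection failed not because the checked path was weak, but because a second, undocumented write path existed that the check never covered. The following is an added toy model, not code from Kaspersky's post, from Apple, or from this article. The register names (DBG_ADDR, DBG_DATA, DBG_HASH, DBG_CTRL), the hash function (truncated SHA-256), the address ranges and the "production fuse" are all assumptions for illustration; the real register addresses and hash algorithm are not on this page.

```python
"""Toy model of a memory protection bypassed via an undocumented register path.

Added illustration only; every register name, address and the hash function
below is an assumption, not the real hardware interface.
"""
import hashlib
from dataclasses import dataclass, field


def debug_hash(paddr: int, data: bytes) -> int:
    """Placeholder for the 'data hash' the registers expect (assumed: SHA-256/32)."""
    digest = hashlib.sha256(paddr.to_bytes(8, "little") + data).digest()
    return int.from_bytes(digest[:4], "little")


@dataclass
class Soc:
    """Flat physical memory, one hardware-protected range, and MMIO registers."""
    mem: bytearray = field(default_factory=lambda: bytearray(0x1000))
    protected: range = range(0x800, 0xC00)          # assumed protected range
    regs: dict = field(default_factory=dict)         # assumed debug registers
    debug_path_enabled: bool = True                  # assumed production fuse

    def cpu_write(self, paddr: int, data: bytes) -> bool:
        """Documented path: every write is subject to the protection check."""
        span = range(paddr, paddr + len(data))
        if any(a in self.protected for a in span):
            return False                             # blocked by hardware
        self.mem[paddr:paddr + len(data)] = data
        return True

    def mmio_write(self, reg: str, value) -> bool:
        """Write a register; DBG_CTRL=1 triggers the hidden DMA engine."""
        self.regs[reg] = value
        if reg == "DBG_CTRL" and value == 1:
            return self._debug_dma()
        return True

    def _debug_dma(self) -> bool:
        """Hidden engine: writes memory directly, never consulting 'protected'."""
        if not self.debug_path_enabled:
            return False                             # fused off: no bypass
        paddr, data, want = (self.regs.get(k) for k in ("DBG_ADDR", "DBG_DATA", "DBG_HASH"))
        if None in (paddr, data, want) or debug_hash(paddr, data) != want:
            return False                             # hash mismatch: no write
        self.mem[paddr:paddr + len(data)] = data     # bypasses cpu_write's check
        return True

    def debug_write(self, paddr: int, data: bytes, hash_value: int) -> bool:
        """The attacker's sequence: data, address and hash, then trigger."""
        self.mmio_write("DBG_DATA", data)
        self.mmio_write("DBG_ADDR", paddr)
        self.mmio_write("DBG_HASH", hash_value)
        return self.mmio_write("DBG_CTRL", 1)


def demo() -> dict:
    """Run the scenarios and return their outcomes for inspection."""
    soc = Soc()
    blocked = soc.cpu_write(0x900, b"A")                 # documented path
    bypassed = soc.debug_write(0x900, b"AB", debug_hash(0x900, b"AB"))
    bad_hash = soc.debug_write(0x900, b"C", 0)
    fused = Soc(debug_path_enabled=False)
    fused_ok = fused.debug_write(0x900, b"A", debug_hash(0x900, b"A"))
    return {
        "cpu_write_blocked": blocked is False,
        "debug_bypass": bypassed and bytes(soc.mem[0x900:0x902]) == b"AB",
        "bad_hash_rejected": bad_hash is False,
        "fused_rejected": fused_ok is False,
    }


if __name__ == "__main__":
    print(demo())
```

The lesson the model encodes is the one Kaspersky draws: the protection check lives on `cpu_write`, so any other bus master or register-driven engine that reaches memory must either go through the same check or be permanently disabled before the device ships, which is what the assumed `debug_path_enabled` fuse stands in for.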
The vulnerability, tracked as CVE-2023-38606, has since been patched by Apple, as have the three other bugs in the Operation Triangulation exploit chain: CVE-2023-41990, CVE-2023-32434, and CVE-2023-32435.
“What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features allowing [them] to bypass these protections,” said GReAT principal security researcher Boris Larin.
The Operation Triangulation attacks began with the threat actors sending a malicious iMessage containing an attachment to the target iPhone, which the device processed without any user interaction or awareness.
The iMessage attachment exploited CVE-2023-41990, a remote code execution vulnerability in the Apple-only ADJUST TrueType font instruction.
Once the exploit chain was complete, and the spyware was installed, the attackers had complete control of their target’s device, allowing them to carry out a range of espionage activities including transmitting the phone’s contents to their servers.
Although the spyware did not survive a reboot of the phone, that did not stop the attackers from reinfecting the device and regaining control of it.
Kaspersky found that the malware was also designed to run on macOS devices, iPads, Apple TVs and Apple Watches, not just iPhones.
“We discover and analyze new exploits and attacks using these on a daily basis, and we have discovered and reported more than thirty in-the-wild zero-days in Adobe, Apple, Google, and Microsoft products, but this is definitely the most sophisticated attack chain we have ever seen,” the researchers said in their post.
“We do not know how the attackers learned to use this unknown hardware feature or what its original purpose was. Neither do we know if it was developed by Apple or [if] it’s a third-party component like ARM CoreSight.”
CoreSight is the debug-and-trace architecture from Arm, whose processor designs Apple licenses for its chips. “Hardware security very often relies on ‘security through obscurity’, and it is much more difficult to reverse-engineer than software, but this is a flawed approach, because sooner or later, all secrets are revealed,” the researchers said. “Systems that rely on ‘security through obscurity’ can never be truly secure.”