Russian hacks row: After shocking accusations fly, Apple fixes bug on iPhones

After a security company flagged the fact that iPhones were to blame for extensive Russian hacks, Apple has fixed the software deficiencies. These were exploited in large-scale hacking campaigns targeting Russians.

| Updated on: Jun 22 2023, 11:25 IST
iPhone security threats skyrocketted in 2021! Here is a WARNING and what you can do
1/5 It was found in an analysis by Atlas VPN that Apple struggled with security in the last 6 months of 2021 with hackers’ exploitation percentage going up by almost 467%, Tech Radar reported. (AP)
2/5 Coincidently, Apple’s Safari browser was the most vulnerable application. Devices running iOS 14.8 are the most at risk. (Pixabay )
3/5 Apple’s unique ecosystem where different devices can sync with each other is what draws customers in. However, the same reason is what draws in hackers as well. The ecosystem makes it relatively easy to hack multiple devices. (Apple)
4/5 The National Institute of Standards and Technology gave one of the bugs in Apple's ecosystem one of the highest dangers ranks attainable with a base score of 8.8 out of 10, in part because of its applicability to iPhones, iPads and Apple computers. (Pixabay)
5/5 Google was the most vulnerable tech company of 2021, followed by Microsoft. Therefore, the first thing you should do in order to keep your device safe is keep an eye out for updates by these companies and regularly update it. (REUTERS)
icon View all Images
Apple has fixed iPhone software bug that was at the centre of a controversy over extensive hacks in Russia. (Bloomberg)

Apple has announced on Wednesday that it has resolved two security deficiencies found in iPhones and iPads, which were exploited to hack devices in Russia. These flaws were part of a significant campaign that Russian intelligence attributed to the United States, Washington Post reported.

The credit for discovering these flaws goes to researchers from Kaspersky Lab, a Russian security software maker. Kaspersky had revealed three weeks ago that its senior employees were among the targeted individuals. Simultaneously, Russia's Federal Security Service (FSB) accused the National Security Agency (NSA) of being responsible, but no evidence or explanation was provided to support this claim. The NSA has not responded to this accusation.

According to Kaspersky, the attack method involved sending a malicious attachment via iMessage. Even without opening the message, the recipient's device would become infected, enabling the attacker to execute any desired code. Restarting the device would remove the infection, so experts recommend regular restarts. Apple's optional Lockdown Mode also protects against these attacks.

Kaspersky has now provided further information, disclosing that the malicious code installed after the infection had 24 commands. These commands included extracting passwords from Apple's Keychain, monitoring locations, and modifying or exporting files.

Georgy Kucherin from Kaspersky stated, "As we investigated the attack, we discovered a sophisticated iOS implant with numerous intriguing characteristics." Kaspersky named the attack "Triangulation" and has released tools, along with others, to help users check if their devices are infected.

Apple confirmed that the fixes would safeguard iPhones running iOS 15. 7 or older versions, which became outdated in September. Recent versions of the operating system already had additional improvements that rendered them immune to these attacks. Apple reported that 90 percent of customers who purchased devices within the past four years have updated to iOS 16, the latest major release.

Kaspersky expressed gratitude to Apple for collaborating on the analysis and resolution of these vulnerabilities.

Previously, Kaspersky had exposed some of the most advanced spying tools associated with the NSA, including those related to Stuxnet, which targeted Iranian uranium enrichment facilities.

US officials later confirmed that Kaspersky's consumer antivirus software was used to collect classified information from an intelligence employee's personal computer. Consequently, Kaspersky was banned from federal machines, leading to a significant decline in its market share in the United States.

Follow HT Tech for the latest tech news and reviews , also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 22 Jun, 11:00 IST