Russian hacks row: After shocking accusations fly, Apple fixes bug on iPhones
After a security company flagged that iPhone software flaws were behind extensive hacks in Russia, Apple has fixed the deficiencies. These were exploited in large-scale hacking campaigns targeting Russians.
Apple announced on Wednesday that it has resolved two security deficiencies found in iPhones and iPads, which were exploited to hack devices in Russia. These flaws were part of a significant campaign that Russian intelligence attributed to the United States, The Washington Post reported.
The credit for discovering these flaws goes to researchers from Kaspersky Lab, a Russian security software maker. Kaspersky had revealed three weeks ago that its senior employees were among the targeted individuals. Simultaneously, Russia's Federal Security Service (FSB) accused the National Security Agency (NSA) of being responsible, but no evidence or explanation was provided to support this claim. The NSA has not responded to this accusation.
According to Kaspersky, the attack method involved sending a malicious attachment via iMessage. Even without opening the message, the recipient's device would become infected, enabling the attacker to execute any desired code. Restarting the device would remove the infection, so experts recommend regular restarts. Apple's optional Lockdown Mode also protects against these attacks.
Kaspersky has now provided further information, disclosing that the malicious code installed after the infection had 24 commands. These commands included extracting passwords from Apple's Keychain, monitoring locations, and modifying or exporting files.
Georgy Kucherin from Kaspersky stated, "As we investigated the attack, we discovered a sophisticated iOS implant with numerous intriguing characteristics." Kaspersky named the attack "Triangulation" and has released tools, along with others, to help users check if their devices are infected.
Apple confirmed that the fixes would safeguard iPhones running iOS 15.7 or older versions, which became outdated in September. Recent versions of the operating system already had additional improvements that rendered them immune to these attacks. Apple reported that 90 percent of customers who purchased devices within the past four years have updated to iOS 16, the latest major release.
Kaspersky expressed gratitude to Apple for collaborating on the analysis and resolution of these vulnerabilities.
Previously, Kaspersky had exposed some of the most advanced spying tools associated with the NSA, including those related to Stuxnet, which targeted Iranian uranium enrichment facilities.
US officials later confirmed that Kaspersky's consumer antivirus software was used to collect classified information from an intelligence employee's personal computer. Consequently, Kaspersky was banned from federal machines, leading to a significant decline in its market share in the United States.