Kaspersky researchers recently revealed the existence of a sophisticated attack against iPhones. Described as “the most complex ever observed”, it calls into question the security of iPhones.
iPhones, often considered as security bastions, have often been put to the test. We will remember a team of Chinese hackers who managed to hack an iPhone 13 Pro in just 15 seconds during the Tianfu Cup, an international hacking competition in China. This attack targeted a security breach in the Safari browser, and was executed despite recent Apple security updatesshowing the persistence of vulnerabilities in its devices.
Another critical flaw had been identified in the processors of iPhones and Macs. In exploiting this vulnerabilityhackers were able to steal personal data contained in web browsers. Called “iLeakage”, this attack allows private data to be recovered through a fake Internet page. This flaw highlights the growing complexity of cyberattacks, which are no longer limited to software, but now extend to hardware components. But even these attacks seem minor compared to the recent discovery of a extremely sophisticated operation.
“Operation Triangulation”: the most sophisticated attack on iPhone
At a hacking conference in GermanyKaspersky revealed an attack called “Operation Triangulation“. It is considered the exploitation of iPhone the most sophisticated to date. It starts with a malicious attachment in iMessage, which doesn't even need to be opened to initiate the process. The attack then exploits four zero-day vulnerabilities, i.e. flaws unknown to developers or the public, to take full control of the device. Then transmit sensitive data such as microphone recordings, photos and geolocation to servers controlled by the attackers. This cyberattack could having affected thousands of iPhones in Russia, exposing a hardware flaw also found in Macs, iPods, iPads, Apple TVs and Apple Watches.
Apple has since then fixed these four vulnerabilitiesbut the existence of this attack raises concerns about the security of the brand's hardware systems. Kaspersky highlights that this brand's advanced hardware protections can also be bypassed. This simply shows that hide security details is no longer sufficient. With the evolution and sophistication of cyberattacks, it is essential to have robust, well-designed security measures, rather than just hoping that attackers will not find the flaws.