"Triangulation" iPhone spyware used Apple hardware exploits unknown to almost everyone

Daniel Sims

The big picture: Months after Kaspersky's initial report on an extremely sophisticated spyware affecting iPhones, the security company revealed new details that could indicate the full breadth of its reach. The latest Apple firmware is no longer vulnerable to this attack, but a significant mystery remains regarding its development.

A new report from Kaspersky's security team outlines all the currently known details of "Triangulation," arguably the most sophisticated iOS spyware ever discovered. The most intriguing detail is that it relies on exploits hidden so deeply that virtually no one outside of Apple could have known about them.

Triangulation is the name the Russian security company gave to the spyware it found on iPhones used by its employees earlier this year. The malware, affecting iOS versions 15.7 and earlier, leaked microphone recordings, location data, and more.

More concerning is that the spyware is "zero-click." It activates when a phone receives a text message with a malicious attachment, without requiring the user to open or read the message. It bypasses Apple's hardware protections and can access a device's entire physical memory. Furthermore, the malware remains active even after the message is deleted.

Initial research suggested that the spyware campaign has been ongoing since at least 2019. However, Kaspersky's latest findings indicate that the spyware supports iOS versions older than 8.0, which was released in 2014.

The big mystery is how Triangulation came to rely on undocumented Apple hardware features, never mentioned in the company's firmware. This functionality and related exploits should be known only to developers inside Apple and possibly Arm.

The revelations might strengthen accusations from Russia's FSB that Apple and the NSA have been collaborating to plant spyware on iPhones used by diplomats from Russia and various other countries. Apple has denied the claims, and Kaspersky has not ruled out any possibilities. The company suggests that the secret functions were intended for internal debugging and that extremely skilled hackers could have discovered them while reverse engineering the system.

Triangulation also exploited four zero-day vulnerabilities affecting iPhones, iPads, Macs, Apple Watches, and Apple TVs. However, Kaspersky has not found evidence of the spyware on products other than iPhones. Apple fixed the security flaws with updates including iOS 16.6, iPadOS 16.6, tvOS 16.6, watchOS 9.5.3, and macOS Ventura 13.5.


 
It'd be nice if you could disable text messaging. It would be more secure and force my hold-out friends onto Signal.

And no more spam texts.
 
I wonder if Apple's isolation lockdown mode offers any protection against this.

Isolation mode in particular disables iMessage's pre-reading or opening of content. So far there is no hack available (yet) that penetrates lockdown mode on Apple devices.

I'm using it, just for the fact that I like to have my phone secured at all costs. I'm very aware that my Apple iCloud offers a way in, but technically just not into my phone.
 
If this exploit is real, I certainly hope that it was by the NSA. Better than this sort of capability being in the hands of the bad guys.
 
If this exploit is real, I certainly hope that it was by the NSA. Better than this sort of capability being in the hands of the bad guys.
I don't think you understand how computers work. This is not something crazy complicated. Every time you use software you stumble across unintended behaviour. Sometimes it's a small bug, sometimes it's an NSA-level kernel exploit. Just the way it is.

The only difference for bigger companies (like the NSA) is that they have systems that try to find this kind of unintended behaviour 24/7/365 by doing random stuff. They hence discover more stuff.

I started as a small web developer, but when Intel released a 10G driver that only works with certified cables, you ask why. In the end it resulted in a kernel hack that patched the security check. You don't need special training to do this. Just curiosity.
 
If the NSA is as politicized as the DOJ and FBI, we are screwed.

In case you're implying that the current administration politicized those departments, you are totally, willfully clueless and exponentially wrong.

Those depts you mention were politicized to the extreme by the Orange Face. In fact he made the DOJ his own defense law firm and unleashed the FBI on his own perceived enemies.

But you won't know that from that septic tank of misinformation: Faux Noise.
 
In case you're implying that the current administration politicized those departments, you are totally, willfully clueless and exponentially wrong.

Those depts you mention were politicized to the extreme by the Orange Face. In fact he made the DOJ his own defense law firm and unleashed the FBI on his own perceived enemies.

But you won't know that from that septic tank of misinformation: Faux Noise.
Let's not start that fight... I'm confident there has ALWAYS been politics in federal agencies. Some administrations may have made it worse, present, former, and many many former administrations not excluded. There is greed and corruption at all levels and in all areas of government. And it isn't just the U.S., either.
 
Let's not start that fight... I'm confident there has ALWAYS been politics in federal agencies. Some administrations may have made it worse, present, former, and many many former administrations not excluded. There is greed and corruption at all levels and in all areas of government. And it isn't just the U.S., either.
Politics aside, what PEnnn said WAS still funny!
 
I don't think you understand how computers work. This is not something crazy complicated. Every time you use software you stumble across unintended behaviour. Sometimes it's a small bug, sometimes it's an NSA-level kernel exploit. Just the way it is.

The only difference for bigger companies (like the NSA) is that they have systems that try to find this kind of unintended behaviour 24/7/365 by doing random stuff. They hence discover more stuff.

I started as a small web developer, but when Intel released a 10G driver that only works with certified cables, you ask why. In the end it resulted in a kernel hack that patched the security check. You don't need special training to do this. Just curiosity.
(y) (Y)
I was involved with the systems acceptance test for a certain product, way back in the 1990s. Having transferred from production to engineering because of my familiarity with a certain other product, I was surprised to learn that of the three types or classes of bugs, only class 1 bugs had to be resolved before the product was good enough to sell. BTW, this was test equipment sold to TELCOs. Though the class 2 and 3 bugs occurred only in very unusual circumstances, they still existed, and there were so very many of them!

My point is that it seems inherent in hi-tech things that there are very many undesirable features lurking in the shadows. It only takes time and effort to find them.
 