Operation Triangulation: the campaign that compromises Apple devices

Kaspersky’s Global Research and Analysis Team (GReAT) has discovered a previously unknown hardware feature in Apple system-on-chips that was critical to the Operation Triangulation campaign. The analysts presented this discovery at the 37th edition of the hacking congress ‘Chaos Communication Congress’ (37C3), held in Hamburg.

Kaspersky’s GReAT team has discovered a vulnerability in Apple chips that played a key role in recent attacks against the brand’s devices, a campaign called ‘Operation Triangulation’, which allowed the attackers to bypass hardware-based memory protection.

Operation Triangulation is an APT (advanced persistent threat) campaign targeting iOS devices that Kaspersky discovered in the summer of 2023. It uses zero-click exploits delivered through the iMessage application; the victim does not have to open anything. The exploit chain gives the attackers full control of the device and access to sensitive user data. It affects a wide range of Apple products, such as iPhones, iPods, iPads, macOS devices, Apple TV…

Everything indicates that the feature the attackers relied on was protected only by ‘security through obscurity’: it was undocumented, so nobody outside the vendor was expected to know it existed. After the initial compromise through iMessage, the attackers used it to write to protected memory, which is what they needed to take full control of the device. The hole has been identified as CVE-2023-38606.

GReAT researchers performed extensive reverse engineering work, meticulously analyzing the iPhone’s hardware and software integration, focusing in particular on memory-mapped I/O (MMIO) addresses, which are how the CPU communicates with the system’s peripherals. The MMIO addresses the attackers wrote to in order to bypass memory protection did not appear anywhere in the system’s device tree, the structure in which the firmware describes the hardware (and its MMIO ranges) to the operating system. The team also analyzed the processor’s complex operation and its interaction with iOS, especially memory management and the hardware protection mechanisms. This work involved analysis of source code, kernel images and firmware, among other things.
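As an added illustration of the device-tree check described above (example code written for this page, not Kaspersky’s tooling): a small Python model that walks a device tree, translates each node’s `reg` entries through its ancestors’ `ranges` into physical addresses, and reports which of a set of suspect MMIO addresses fall outside every declared range. The tree, node names and addresses are constructed. Apple’s real device tree is a binary structure that must be extracted from firmware, and the translation convention assumed here (`reg` relative to the parent’s `ranges`, root space physical) is the usual device-tree one, not a statement about Apple’s exact layout.

```python
from dataclasses import dataclass, field
from typing import Iterator, Optional

# Added example for this page, not Kaspersky's tooling. The tree is a
# constructed, simplified model: 'reg' holds (offset, size) pairs in the
# parent's child address space, 'ranges' holds (child_base, parent_base, size)
# triples that translate that space into the grandparent's space, and the
# root address space is taken to be physical. Names and offsets are made up.


@dataclass
class Node:
    name: str
    reg: list = field(default_factory=list)
    ranges: list = field(default_factory=list)
    children: list = field(default_factory=list)


def translate(addr: int, ranges: list) -> int:
    """Map an address through one node's ranges; no ranges means identity."""
    if not ranges:
        return addr
    for child_base, parent_base, size in ranges:
        if child_base <= addr < child_base + size:
            return parent_base + (addr - child_base)
    raise ValueError(f"{addr:#x} is outside every declared range")


def declared_mmio(node: Node, path: str = "", ancestors: tuple = ()) -> Iterator[tuple]:
    """Yield (path, phys_start, phys_end) for every reg entry in the tree,
    translating through each ancestor's ranges from the parent up to the root."""
    full = f"{path}/{node.name}" if path else node.name
    for offset, size in node.reg:
        phys = offset
        for anc in reversed(ancestors):
            phys = translate(phys, anc.ranges)
        yield full, phys, phys + size
    for child in node.children:
        yield from declared_mmio(child, full, ancestors + (node,))


def locate(root: Node, addr: int) -> Optional[str]:
    """Return the path of the node whose reg covers addr, or None when no node
    in the tree declares it (the situation the researchers ran into)."""
    for path, start, end in declared_mmio(root):
        if start <= addr < end:
            return path
    return None


def unmapped(root: Node, addrs: list) -> list:
    """Filter a list of MMIO addresses down to those absent from the tree."""
    return [a for a in addrs if locate(root, a) is None]


# Constructed sample tree: arm-io maps its child space at physical 0x2_0000_0000.
SAMPLE_TREE = Node("device-tree", children=[
    Node("arm-io", ranges=[(0x0, 0x2_0000_0000, 0x1_0000_0000)], children=[
        Node("uart0", reg=[(0x3520_0000, 0x4000)]),
        Node("aic", reg=[(0x28e0_0000, 0x1_0000)]),
    ]),
])

# Constructed addresses to audit: one inside uart0, one declared nowhere.
SUSPECT_ADDRS = [0x2_3520_0100, 0x2_0700_0000]

if __name__ == "__main__":
    for a in SUSPECT_ADDRS:
        print(f"{a:#x}: {locate(SAMPLE_TREE, a) or 'NOT DECLARED in device tree'}")
```

An address that `locate` cannot place is exactly the kind of lead the analysis above chased: a register the kernel writes to that the firmware never told the operating system about, which then has to be explained from the silicon side rather than from the device tree.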

“We are not facing an ordinary vulnerability. The closed nature of the iOS ecosystem made the analysis a challenge that took a lot of time and required a deep, comprehensive understanding of the hardware and software. One conclusion to draw from this discovery is that the most advanced hardware protections may be ineffective against more sophisticated threats, particularly when there are hardware features that bypass those protections,” explains Boris Larin, principal security analyst at Kaspersky’s GReAT.

To be protected against both known and unknown threats, Kaspersky experts recommend:

Keep the operating system and applications up to date, since updates patch known vulnerabilities, and install trusted security software.

Provide the SOC team with the latest threat intelligence. Kaspersky Threat Intelligence Portal is a single access point offering the threat information and data the company has collected over the last 20 years.

Train the cybersecurity team with Kaspersky online training, developed by GReAT experts, so that it can face the latest threats.

To protect endpoints and to investigate and resolve incidents in time, implement an EDR solution such as Kaspersky Endpoint Detection and Response.

Investigate threats with Kaspersky’s Incident Response and Digital Forensics services, which provide the complete, exhaustive information needed to prepare for new risks.
