Researchers find flaw in Apple's SoC that contributed to recent iPhone attacks
According to the global cybersecurity firm Kaspersky, the discovered vulnerability is a hardware feature, possibly based on the principle of “security through obscurity,” and may have been intended for testing or debugging.
NEW DELHI: A team of researchers has discovered a vulnerability in Apple System on a chip, or SoC, that has played a critical role in the recent iPhone attacks, known as Operation Triangulation, allowing attackers to bypass the hardware-based memory protection on iPhones running iOS versions up to iOS 16.6, a new report said on Friday.
According to the global cybersecurity firm Kaspersky, the discovered vulnerability is a hardware feature, possibly based on the principle of “security through obscurity,” and may have been intended for testing or debugging.
Following the initial 0-click iMessage attack and subsequent privilege escalation, the attackers leveraged this hardware feature to bypass hardware-based security protections and manipulate the contents of protected memory regions.
This step was crucial for obtaining full control over the device. Apple addressed the issue, identified as CVE-2023-38606, the report mentioned.
“This is no ordinary vulnerability. Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures," said Boris Larin, Principal Security Researcher at Kaspersky’s GReAT.
"What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features allowing to bypass these protections,” he added.
As per the researchers, this feature was not publicly documented, presenting a significant challenge in its detection and analysis using conventional security methods.
The researchers conducted extensive reverse engineering, meticulously analysing the iPhone's hardware and software integration, with a particular emphasis on Memory-Mapped I/O, or MMIO, addresses, which are critical for facilitating efficient communication between the CPU and peripheral devices in the system.
Unknown MMIO addresses, used by the attackers to bypass the hardware-based kernel memory protection, were not identified in any device tree ranges, presenting a significant challenge, the report explained.
“Operation Triangulation” is an Advanced Persistent Threat (APT) campaign targeting iOS devices. This sophisticated campaign employs zero-click exploits distributed via iMessage, enabling attackers to gain complete control over the targeted device and access user data.