Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research
Backdoor inserted at U.S. behest, alleges FSB.
The U.S. National Security Agency (NSA) inserted backdoors into the iPhone operating system, according to Russia’s Federal Security Service (FSB). That’s allowed the NSA to spy on Russian officials and foreign diplomats, says the служба.
Kaspersky Lab claims to have discovered the spyware, dubbing it Triangulation. In today’s SB Blogwatch, we wonder why it took them four years to find it.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: J. Paul Lyet.
Tit-For-Tat Triangulation Trojan Talk
What’s the craic? Guy Faulconbridge, James Pearson and Raphael Satter report—“Russia says U.S. accessed thousands of Apple phones” and then “Apple denies surveillance claims”:
“Cooperated with American spies”
Russia’s … FSB said on Thursday it had uncovered a U.S. … NSA plot using previously unknown malware to access specially made so-called backdoor vulnerabilities in Apple phones. The FSB, the main successor to the Soviet-era KGB, said several thousand Apple phones had been infected, including those of domestic Russian subscribers [and of] foreign diplomats based in Russia and the former Soviet Union … Israel, Syria, China and NATO members.
…
The FSB said the plot showed “close cooperation” between Apple and the NSA. … The Russian warning on Apple phones came a few hours before Moscow-based antivirus firm Kaspersky Lab [said] an undisclosed number of its staffers had had their iPhones compromised. Kaspersky said spyware, delivered by an invisible message, was installed through vulnerabilities in … iOS.
…
Apple Inc. is denying claims … that it cooperated with American spies: … The company said it has “never worked with any government to insert a backdoor into any apple product and never will.”
Did someone say “Kaspersky”? Yevgeny “Eugene” Valentinovich Kaspersky either is spitting feathers or is a useful idiot—“Targeted attack on our management”:
“Extremely technologically sophisticated”
Our experts have discovered an extremely complex, professional targeted cyberattack that uses Apple’s mobile devices. [It] requires no action from the user.
…
The attack is carried out using an invisible iMessage with a malicious attachment, which, using a number of vulnerabilities in the iOS operating system, is executed on a device and installs [a] new, extremely technologically sophisticated spyware we’ve dubbed “Triangulation.” … We’re confident that Kaspersky was not the main target of this cyberattack.
Ah, yes. Yet another no-click flaw in iMessage. jmah is confused:
Lockdown Mode was added in iOS 16. The article only mentions iOS 15.7. … iOS 16 was released … last year.
How new is this, really? Not so much, according to Igor Kuznetsov, Valentin Pashkov, Leonid Bezvershenko and Georgy Kucherin—“Previously unknown malware”:
The oldest traces of infection that we discovered happened in 2019 … although the malware includes portions of code dedicated specifically to clear the traces of compromise. [One] indicator of compromise is the inability to install iOS updates.
…
Malicious code … modifies [a] system settings file named com.apple.softwareupdateservicesd.plist. We observed update attempts to end with an error message “Software Update Failed. An error ocurred downloading iOS.”
So, why now? quonset explains:
Putin’s getting nervous. Between the Belgorod People’s Republic asking for help to claim its sovereignty from Russia, to Ukraine’s counteroffensive about to steamroll through the lines of untrained mobiks, Putin is desperately looking about for anyone or anything to blame for the stunning failure of his entire regime.
A lot of these sorts of shenanigans are tit-for-tat. A lonely wandering vlovich123 wonders aloud:
I wonder if this is Russia’s attempt to retaliate against the NSA describing FSB’s Snake malware. One notable difference is that the NSA described in a lot of detail exactly why it’s attributed to Russia and the technical details of the malware and how to protect yourself.
Like we’re going to take Kaspersky’s word for it? Don’t be so quick to judge, says SplatMan_DK:
At my last employer … we used Kaspersky products up until the invasion of Ukraine. We then switched out of principle … for political reasons.
…
That said, Kaspersky is above and beyond most other vendors in the security sector, and I miss working with them. … By contrast, even calling someone on the phone at some of the US based alternatives now, is a PITA. … They feel like customer-hostile license leeches in comparison.
If Kaspersky survives Russia’s moronic war against Ukraine, and if we can reasonably establish that they haven’t materially helped Putin, I think they deserve a comeback. They had the right stuff at the core.
Where are Russians getting iPhones from, anyway? Sanctions schmanctions, as this Anonymous Coward seems to say:
I think you are very confused as to what the sanctions have done. The wealthy have absolutely no issues getting an iPhone, the only thing that changed is they can’t order it directly on the website. [My] Wife has a goddaughter in Moscow, she just purchased an iPhone 14 this week.
Meanwhile, IGotOut suggests an alternative narrative:
Of course, it could be that Kaspersky spotted FSB spyware used to keep an eye on potential internal dissidents, and now the FSB have to blame someone else.
And Finally:
TW: Kipper ties, awkward hand gestures, all-women typing pools.
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Kaspersky Lab (cc:by-sa; leveled and cropped)
