
Targeted attack on our management with the Triangulation Trojan

197 points| madmanweb | 2 years ago |usa.kaspersky.com | reply

126 comments

[+] vivegi|2 years ago|reply
From the article:

> We believe that the main reason for this incident is the proprietary nature of iOS. This operating system is a “black box”, in which spyware like Triangulation can hide for years. Detecting and analyzing such threats is made all the more difficult by Apple’s monopoly of research tools – making it a perfect haven for spyware. In other words, as I’ve often said, users are given the illusion of security associated with the complete opacity of the system. What actually happens in iOS is unknown to cybersecurity experts, and the absence of news about attacks in no way indicates their being impossible – as we’ve just seen.

[+] 2OEH8eoCRo0|2 years ago|reply
Shatters Apple's argument that all of these hurdles are better for security. I wonder if testimony like this could affect any of their antitrust lawsuits or right to repair lobbying.
[+] Ecstatify|2 years ago|reply
Why are top management at Kaspersky using iPhones? Presumably they knew iPhones were a “black box” and a security risk.
[+] veave|2 years ago|reply
Why are they using iOS if they feel that way about it?

Also: iOS 16 is not vulnerable and it was released on September 12, 2022 - why are those phones out of date for so long?

[+] prmoustache|2 years ago|reply
Does Kaspersky release its products under an open source license nowadays?
[+] wiz21c|2 years ago|reply
And it's not RMS who said it :-)
[+] ComodoHacker|2 years ago|reply
From the linked technical report:

The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.

[+] rho4|2 years ago|reply
"An indirect indication of the presence of Triangulation on the device is the disabling of the ability to update iOS"

My guess would be that they didn't find out thanks to their monitoring solution, but because some senior manager shouted pretty loudly at someone to get their iPhone to update, asap! :)

[+] dist-epoch|2 years ago|reply
Or maybe the monitoring solution noticed the LACK of update checks from iOS devices.
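The fleet-side check this comment describes can be expressed in a few lines. The following is an added example, not code from the thread or from Kaspersky: it takes an MDM-style inventory export (one record per device with the last reported iOS version and the last time the device reported checking for updates) and flags devices that have gone silent on update checks or sit below a version baseline. The record layout, the device ids, the dates, the 16.0 baseline (taken from the comment above that iOS 16 is not vulnerable) and the 14-day silence window are all assumptions.

```python
"""Flag iOS devices whose update check-ins have gone silent or whose version lags.

Added example (not from the thread, not Kaspersky's tooling). It assumes an
MDM-style export with one record per device carrying the last reported iOS
version and the last time the device reported a software-update check.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class DeviceRecord:
    device_id: str               # inventory identifier (hypothetical)
    os_version: str              # iOS version the device last reported
    last_update_check: datetime  # last time the device reported checking for updates


def parse_version(version: str) -> tuple:
    """Turn '15.7.1' into (15, 7, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def assess_device(record: DeviceRecord, now: datetime,
                  baseline_version: str, max_silence: timedelta) -> list:
    """Return the reasons a device deserves a closer look (empty list if none)."""
    reasons = []
    if parse_version(record.os_version) < parse_version(baseline_version):
        reasons.append(f"os_version {record.os_version} below baseline {baseline_version}")
    silence = now - record.last_update_check
    if silence > max_silence:
        reasons.append(f"no update check for {silence.days} days")
    return reasons


def find_suspect_devices(records, now: datetime, baseline_version: str = "16.0",
                         max_silence: timedelta = timedelta(days=14)) -> dict:
    """Map device_id -> reasons for every device that fails at least one check."""
    suspects = {}
    for record in records:
        reasons = assess_device(record, now, baseline_version, max_silence)
        if reasons:
            suspects[record.device_id] = reasons
    return suspects


# Constructed sample inventory (not real data); the clock is fixed so runs are repeatable.
NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    DeviceRecord("exec-01", "15.7",   datetime(2023, 1, 15, tzinfo=timezone.utc)),  # old and silent
    DeviceRecord("exec-02", "16.5",   datetime(2023, 5, 30, tzinfo=timezone.utc)),  # healthy
    DeviceRecord("exec-03", "16.4.1", datetime(2023, 4, 1, tzinfo=timezone.utc)),   # silent only
    DeviceRecord("exec-04", "15.7.1", datetime(2023, 5, 31, tzinfo=timezone.utc)),  # old version only
]


if __name__ == "__main__":
    for device_id, reasons in find_suspect_devices(SAMPLE_INVENTORY, NOW).items():
        print(device_id, "->", "; ".join(reasons))
```

Silence on update checks and a stale version are reported as separate reasons on purpose: a device that is merely off the network looks different from one that is up to date but quiet, and the two together are the pattern worth escalating.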
[+] cookiengineer|2 years ago|reply
Kaspersky was spying on international citizens for over a decade, providing data for both the FSB and GRU.

...and now they're complaining about counter surveillance by the FBI?

[+] f6v|2 years ago|reply
You make it sound like big tech companies never cooperate with the law enforcement. I bet CIA and FBI have their hand so far up Zuck’s ass it’s almost like Minority Report at this point.
[+] zamalek|2 years ago|reply
How is disclosing an Apple security issue "complaining"?
[+] crimsontech|2 years ago|reply
Do you have any sources for this? I'm interested in reading more about it after seeing a lot of allegations. I don't recall ever seeing anything concrete.
[+] kramerger|2 years ago|reply
> users are given the illusion of security associated with the complete opacity of the system. What actually happens in iOS is unknown to cybersecurity experts, and the absence of news about attacks in no way indicates their being impossible

For this to change the community needs to create the needed tools. I don't think Apple will ever help you with something that can potentially make them look bad.

[+] Traubenfuchs|2 years ago|reply
tl;dr - malicious state and private threat actors can at any time completely take over your iPhone (root access) with an invisible iMessage without you having a practical chance to detect it besides scanning your iPhone backup.
[+] michaelmcdonald|2 years ago|reply
Should add that this can only occur if you haven't updated your phone in over a year.
[+] bboygravity|2 years ago|reply
It still blows my mind that this is not a known fact by most people for as long as phones have existed? Or maybe it is?
[+] kossTKR|2 years ago|reply
Adjacent topic, but I have a friend who told me buying a refurbished iPhone from a local shop was a bad idea from a security perspective.

Is this true? I thought a hard reset and secure enclave etc. was enough? Can you put "stuff" in it that survives to a new user?

[+] bollos|2 years ago|reply
Theoretically yes. However, the chance of you encountering a second hand device with such an implant is relatively low I'd say.

I guess if you buy it off journalists or activists the chance would be higher but still relatively unlikely. But as with anything, consider if it suits your threat model and act accordingly.

[+] saagarjha|2 years ago|reply
Exploits that survive a full wipe are almost unheard of on iOS.
[+] j16sdiz|2 years ago|reply
Is this an AD for their SIEM product?
[+] saagarjha|2 years ago|reply
> What actually happens in iOS is unknown to cybersecurity experts

Sounds like a skill issue to me. I'll eat my words if they were genuinely infected with something that lingered in such a way that it persisted past a reboot and completely broke all updates, but I would be very surprised if this was the case.

[+] pseudo0|2 years ago|reply
Why would an actor with a reliable zero-click need to persist past a reboot? That appears to be the claim in the article, update blocking plus on-demand reinfection.
[+] tbossanova|2 years ago|reply
Didn’t read the article, because on my oldish phone the cookie options defaulted to disallowing necessary cookies and allowing all others. I’m fairly confident this is a bug.
[+] tbossanova|2 years ago|reply
Aand I just reloaded and it bounced around between the cookie modal and nothing before letting me in without further interaction.