Home
News
You are here

Millions of iPhones are vulnerable to iMessage attack facilitated by black box-like iOS

Updated: Jun 02, 2023, 6:15 PM

0comments

Kaspersky: Ongoing invisible iMessage attack shatters illusion that iOS is safer than Android

Kaspersky has discovered new spyware that attackers can install stealthily on iPhones not running the latest version of iOS.

The malware was discovered when the company suspected that something was off about the activity originating from several iPhones owned by its employees. The iPhone cannot be inspected from the inside, so Kaspersky created offline backups of devices they thought were infected and found pieces of evidence of compromise.

This seems to be a targeted campaign against iPhone owners. The cybersecurity firm is calling it "Operation Triangulation."

How does it work?

Cybercriminals send an invisible iMessage to iPhone users with a malicious attachment. It doesn't need the iPhone user to do anything and is enough on its own to take advantage of vulnerabilities in iOS to execute a code and install spyware. The phone then receives more instructions from the command and control center, including those that give the malware more privileges, enabling it to wreak more havoc.

The code has unrestricted access to the iPhone and runs a series of commands to collect private user information such as microphone recordings, pictures from instant messengers, and geolocation.

The original message is deleted and so is the exploit in the attachment, so most victims will likely never know that their phone was infected.

No easy way to remove spyware

One thing that can point to the presence of the spyware is inability to update iOS. Since iOS updates are blocked, it's impossible at the moment to remove the spyware without losing user data. The only way to get rid of it is by resetting the affected iPhone to the factory settings and downloading the latest version of iOS, which might not be possible as some older iPhones have been cut off from OS updates. If only the spyware is deleted, the devices will be re-infected.

The campaign has been active since 2019 and is still ongoing. It seems that only the iPhones running iOS 15.7 or older versions of iOS are vulnerable.

According to Apple, 80.1 percent of iPhone users are already on iOS 16, so most iPhone owners have nothing to worry about. But given that there are an estimated 1.36 billion active iPhones in the world, 258 million iPhone users can still be targeted.

Kaspersky believes that iPhones are an easy target for attacks like this one because iOS is like a black box where spyware can easily hide for years. Apple has a monopoly on research tools, so detecting these threats is not easy.

In other words, as I’ve often said, users are given the illusion of security associated with the complete opacity of the system. What actually happens in iOS is unknown to cybersecurity experts, and the absence of news about attacks in no way indicates their being impossible – as we’ve just seen." - Eugene Kaspersky, CEO Kaspersky

View Full Bio

Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.